[security-dev 01219]: code review request: 6882687 KerberosTime too imprecise

Max (Weijun) Wang Weijun.Wang at Sun.COM
Wed Sep 16 10:46:12 PDT 2009

Hi Valerie

    Please take a review for the fix at



    This would fix the IgnoreChannelBindings test failure on CYGWIN.


Begin forwarded message:

> From: Weijun.Wang at Sun.COM
> Date: September 17, 2009 1:12:13 AM GMT+08:00

> *Synopsis*: KerberosTime too imprecise
> === *Description*  
> ============================================================
> Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ  
> is a "replay detected". It turns out that the Windows time (returned  
> by new Date()) is too coarse (15 millisecond precision) and the two  
> AP-REQs in the test have the same KerberosTime value.
> Also, the KerberosTime class is the source of microseconds value  
> used in Authenticator etc. Since Date only provides milliseconds,  
> this means even if on a system with ideal Date, the microsecond  
> value is always a multiple of 1000.

More information about the security-dev mailing list