code review request: 6882687 KerberosTime too imprecise

Weijun Wang Weijun.Wang at Sun.COM
Mon May 17 03:06:57 PDT 2010


Hi Valerie 

A new bug 6950930 filed for the same problem.

So ping again. Webrev small update at --

   http://cr.openjdk.java.net/~weijun/6882687/webrev.01

Changes:

1. 2009 -> 2010
2. new fields now private final

Thanks
Max


On Sep 17, 2009, at 1:46 AM, Max (Weijun) Wang wrote:

> Hi Valerie
> 
>   Please take a review for the fix at
> 
>      http://cr.openjdk.java.net/~weijun/6882687/webrev.00
> 
> Brad
> 
>   This would fix the IgnoreChannelBindings test failure on CYGWIN.
> 
> Thanks
> Max
> 
> Begin forwarded message:
> 
>> From: Weijun.Wang at Sun.COM
>> Date: September 17, 2009 1:12:13 AM GMT+08:00
> 
>> *Synopsis*: KerberosTime too imprecise
>> 
>> === *Description* ============================================================
>> Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ is a "replay detected". It turns out that the Windows time (returned by new Date()) is too coarse (15 millisecond precision) and the two AP-REQs in the test have the same KerberosTime value.
>> 
>> Also, the KerberosTime class is the source of microseconds value used in Authenticator etc. Since Date only provides milliseconds, this means even if on a system with ideal Date, the microsecond value is always a multiple of 1000.
>> 
> 




More information about the security-dev mailing list