code review request: 6882687 KerberosTime too imprecise
Weijun Wang
Weijun.Wang at Sun.COM
Mon May 17 10:06:57 UTC 2010
Hi Valerie
A new bug 6950930 filed for the same problem.
So ping again. Webrev small update at --
http://cr.openjdk.java.net/~weijun/6882687/webrev.01
Changes:
1. 2009 -> 2010
2. new fields now private final
Thanks
Max
On Sep 17, 2009, at 1:46 AM, Max (Weijun) Wang wrote:
> Hi Valerie
>
> Please take a review for the fix at
>
> http://cr.openjdk.java.net/~weijun/6882687/webrev.00
>
> Brad
>
> This would fix the IgnoreChannelBindings test failure on CYGWIN.
>
> Thanks
> Max
>
> Begin forwarded message:
>
>> From: Weijun.Wang at Sun.COM
>> Date: September 17, 2009 1:12:13 AM GMT+08:00
>
>> *Synopsis*: KerberosTime too imprecise
>>
>> === *Description* ============================================================
>> Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ is a "replay detected". It turns out that the Windows time (returned by new Date()) is too coarse (15 millisecond precision) and the two AP-REQs in the test have the same KerberosTime value.
>>
>> Also, the KerberosTime class is the source of microseconds value used in Authenticator etc. Since Date only provides milliseconds, this means even if on a system with ideal Date, the microsecond value is always a multiple of 1000.
>>
>
More information about the security-dev
mailing list