code review request: 6882687 KerberosTime too imprecise

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Tue May 18 17:04:29 PDT 2010


Hi, Max,

Your fixes look fine.
Thanks,
Valerie

On 05/17/10 03:06, Weijun Wang wrote:
> Hi Valerie 
>
> A new bug 6950930 filed for the same problem.
>
> So ping again. Webrev small update at --
>
>    http://cr.openjdk.java.net/~weijun/6882687/webrev.01
>
> Changes:
>
> 1. 2009 -> 2010
> 2. new fields now private final
>
> Thanks
> Max
>
>
> On Sep 17, 2009, at 1:46 AM, Max (Weijun) Wang wrote:
>
>   
>> Hi Valerie
>>
>>   Please take a review for the fix at
>>
>>      http://cr.openjdk.java.net/~weijun/6882687/webrev.00
>>
>> Brad
>>
>>   This would fix the IgnoreChannelBindings test failure on CYGWIN.
>>
>> Thanks
>> Max
>>
>> Begin forwarded message:
>>
>>     
>>> From: Weijun.Wang at Sun.COM
>>> Date: September 17, 2009 1:12:13 AM GMT+08:00
>>>       
>>> *Synopsis*: KerberosTime too imprecise
>>>
>>> === *Description* ============================================================
>>> Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ is a "replay detected". It turns out that the Windows time (returned by new Date()) is too coarse (15 millisecond precision) and the two AP-REQs in the test have the same KerberosTime value.
>>>
>>> Also, the KerberosTime class is the source of microseconds value used in Authenticator etc. Since Date only provides milliseconds, this means even if on a system with ideal Date, the microsecond value is always a multiple of 1000.
>>>
>>>       
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20100518/a67ed878/attachment.html 


More information about the security-dev mailing list