RFR 8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace

Sean Mullan sean.mullan at oracle.com
Thu Jul 2 14:05:21 UTC 2015

This looks fine. The isOld method should probably be static. Also, can 
you document this renewal behavior in the class summary in the 
"renewTGT" section?


On 06/25/2015 04:21 AM, Weijun Wang wrote:
> Please review the code change at
>     http://cr.openjdk.java.net/~weijun/8058290/webrev.00/
> After this fix, a "renewTGT=true" in JAAS config for Krb5LoginModule
> means "renew if old enough", as suggested by the bug reporter [1].
> Thanks
> Max
> [1] https://bugs.openjdk.java.net/browse/JDK-8058290

More information about the security-dev mailing list