RFR 8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace

Sean Mullan sean.mullan at oracle.com
Thu Jul 2 14:05:21 UTC 2015


This looks fine. The isOld method should probably be static. Also, can 
you document this renewal behavior in the class summary in the 
"renewTGT" section?

--Sean

On 06/25/2015 04:21 AM, Weijun Wang wrote:
> Please review the code change at
>
>     http://cr.openjdk.java.net/~weijun/8058290/webrev.00/
>
> After this fix, a "renewTGT=true" in JAAS config for Krb5LoginModule
> means "renew if old enough", as suggested by the bug reporter [1].
>
> Thanks
> Max
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8058290



More information about the security-dev mailing list