RFR 8186576: KerberosTicket does not properly handle renewable tickets at the end of their lifetime

Xuelei Fan xuelei.fan at oracle.com
Thu Aug 24 22:27:48 UTC 2017


javax/security/auth/kerberos/KerberosTicket.java
------------------------------------------------
if (getRenewTill() == null) {
     // The current ticket's lifetime is greater than renew_until.
     // No need to refresh.
     return;
}

The comment is confusing to me. Per the getRenewTill() specification,
does "getRenewTill() == null" mean the ticket is non-renewable (destroyed)?

Xuelei

On 8/24/2017 2:28 AM, Weijun Wang wrote:
> Please review the fix at
> 
>     http://cr.openjdk.java.net/~weijun/8186576/webrev.00
> 
> This is an MIT/krb5 bug [1], but we will accept it anyway. Also, renewing such a ticket is now a no-op because the lifetime will not be extended anyway.
> 
> New test included.
> 
> Thanks
> Max
> 
> [1] http://mailman.mit.edu/pipermail/krbdev/2017-August/012809.html
> 


