Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 7
Affects Version/s: 6u26, 7
Component/s: security-libs
Labels:
- verify-waive-build

Subcomponent:
org.ietf.jgss:krb5
Resolved In Build:
b97
CPU:

generic, x86
OS:

generic, windows_xp
Verification:
Not verified

Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ is a "replay detected". It turns out that the Windows time (returned by new Date()) is too coarse (15 millisecond precision) and the two AP-REQs in the test have the same KerberosTime value.

Also, the KerberosTime class is the source of microseconds value used in Authenticator etc. Since Date only provides milliseconds, this means even if on a system with ideal Date, the microsecond value is always a multiple of 1000.

duplicates

JDK-6950930 test failure windows sun/security/krb5/auto/IgnoreChannelBinding.java

Closed

JDK-7085018 Kerberos replay attack detection due to low JDK clock resolution

Closed

relates to

JDK-7077172 KerberosTime does not take into account system clock adjustement

Closed

JDK-2217345 KerberosTime does not take into account system clock adjustement

Closed

Assignee:: Weijun Wang

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2009-09-16 10:08

Updated:: 2012-07-23 07:30

Resolved:: 2011-05-17 15:51

Imported:: 17/Sep/12 7:10 PM

Indexed:: 24/Jul/12 2:39 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates