--- old/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java	2016-10-25 15:18:40.000000000 +0800
+++ new/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java	2016-10-25 15:18:40.000000000 +0800
@@ -96,6 +96,8 @@
  * Java also does this way.
  *
  * See src/lib/krb5/rcache/rc_io.c and src/lib/krb5/rcache/rc_dfl.c.
+ *
+ * Update: New version can use other hash algorithms.
  */
 public class DflCache extends ReplayCache {
 
@@ -300,7 +302,7 @@
                         if (time.equals(a)) {
                             // Exact match, must be a replay
                             throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);
-                        } else if (time.isSameIgnoresHash(a)) {
+                        } else if (time.sameTimeDiffHash((AuthTimeWithHash)a)) {
                             // Two different authenticators in the same second.
                             // Remember it
                             seeNewButNotSame = true;