< prev index next >
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java
Print this page
rev 15878 : 8168518: rcache interop with krb5-1.15
@@ -94,10 +94,12 @@
* The old style block is always created by MIT krb5 used even if a new style
* is available, which means there can be 2 entries for a single Authenticator.
* Java also does this way.
*
* See src/lib/krb5/rcache/rc_io.c and src/lib/krb5/rcache/rc_dfl.c.
+ *
+ * Update: New version can use other hash algorithms.
*/
public class DflCache extends ReplayCache {
private static final int KRB5_RV_VNO = 0x501;
private static final int EXCESSREPS = 30; // if missed-hit>this, recreate
@@ -298,11 +300,11 @@
AuthTime a = AuthTime.readFrom(chan);
if (a instanceof AuthTimeWithHash) {
if (time.equals(a)) {
// Exact match, must be a replay
throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);
- } else if (time.isSameIgnoresHash(a)) {
+ } else if (time.sameTimeDiffHash((AuthTimeWithHash)a)) {
// Two different authenticators in the same second.
// Remember it
seeNewButNotSame = true;
}
} else {
< prev index next >