> On Aug 25, 2017, at 7:46 AM, Xuelei Fan <xuelei....@oracle.com> wrote:
>
> On 8/24/2017 4:44 PM, Weijun Wang wrote:
>>> On Aug 25, 2017, at 6:27 AM, Xuelei Fan <xuelei....@oracle.com> wrote:
>>>
>>> javax/security/auth/kerberos/KerberosTicket.java
>>> ------------------------------------------------
>>> if (getRenewTill() == null) {
>>> // The current ticket's lifetime is greater than renew_until.
>>> // No need to refresh.
>>> return;
>>> }
>>>
>>> The comment is confusing to me. Per the getRenewTill() specification, does
>>> "getRenewTill() == null" means the ticket is non-renewable (destroyed)?
>> This is a bug of MIT krb5's kdc implementation, which wrongly issues a
>> renewable ticket without the renew_till field. We will have to deal with it.
>> getRenewTill()'s spec says null is return if the ticket is non-renewable
>> (destroyed), but has not said it does not return null if it's renewable. Of
>> course, it's an error case but I mean the spec has not enforced it.
>> I can enhance the comment to something like "Renewable ticket without
>> renew_until. This is illegal and let's ignore it".
> The new comment looks more reasonable to me. Please note that you have two
> update calling getRenewTill(). Otherwise, looks fine.
>
Thanks. I'll update both.
--Max
> Xuelei
>
>> --Max
>>>
>>> Xuelei
>>>
>>> On 8/24/2017 2:28 AM, Weijun Wang wrote:
>>>> Please review the fix at
>>>> http://cr.openjdk.java.net/~weijun/8186576/webrev.00
>>>> This is a MIT/krb5 bug [1], but we will accept it anyway. Also, renew such
>>>> a ticket is now a no-op because the lifetime will not be extended anyway.
>>>> New test included.
>>>> Thanks
>>>> Max
>>>> [1] http://mailman.mit.edu/pipermail/krbdev/2017-August/012809.html
