RFC 4120 5.5.1 has > seq-number > This optional field includes the initial sequence number to be used by the > KRB_PRIV or KRB_SAFE messages when sequence numbers are used to detect > replays. (It may also be used by application specific messages.) When > included in the authenticator, this field specifies the initial sequence > number for messages from the client to the server. When included in the > AP-REP message, the initial sequence number is that for messages from the > server to the client. When used in KRB_PRIV or KRB_SAFE messages, it is > incremented by one after each message is sent. Sequence numbers fall in the > range 0 through 2^32 - 1 and wrap to zero following the value 2^32 - 1.
If it wraps, then it’s 4 bytes. I will read more on it. Thanks Max > 在 2018年4月24日,18:08,Valerie Peng <valerie.p...@oracle.com> 写道: > > Hi Max, > > Most changes look good. I have only some comments and questions (see below): > > - InitSecContextToken.java, line 62: bad -> unrecognized? > - According to the class javadoc of various Token classes and Kerberos spec, > the sequence number is 8-byte integer from header byte 8-15, but java int > have only 4 bytes. The current code seems to assume the first 4 bytes of the > sequence number are always 0. For the sake of compliance and max > inter-operability, maybe we should use long to store the sequence number? > > CSR looks good to me. > Thanks, > Valerie > > > >> On 4/18/2018 10:40 AM, Weijun Wang wrote: >> Please take a review of this fix: >> >> webrev: http://cr.openjdk.java.net/~weijun/8201627/webrev.00/ >> CSR: https://bugs.openjdk.java.net/browse/JDK-8201814 >> >> Basically we fix some bugs and introduce a system property so we can interop >> with everyone. >> >> Thanks >> Max >> >
