diff --git a/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
index 5a62d6d2508..9271d9bcefb 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
@@ -338,15 +338,19 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
             System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
         long times[] = readTimes();
         KerberosTime authtime = new KerberosTime(times[0]);
-        KerberosTime starttime = new KerberosTime(times[1]);
+        KerberosTime starttime =
+                (times[1]==0) ? null : new KerberosTime(times[1]);
         KerberosTime endtime = new KerberosTime(times[2]);
-        KerberosTime renewTill = new KerberosTime(times[3]);
+        KerberosTime renewTill =
+                (times[3]==0) ? null : new KerberosTime(times[3]);
 
         if (DEBUG) {
             System.out.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
-            System.out.println(">>>DEBUG <CCacheInputStream> start time: " + starttime.toDate().toString());
+            System.out.println(">>>DEBUG <CCacheInputStream> start time: " +
+                    ((starttime==null)?"null":starttime.toDate().toString()));
             System.out.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
-            System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " + renewTill.toDate().toString());
+            System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
+                    ((renewTill==null)?"null":renewTill.toDate().toString()));
         }
         boolean skey = readskey();
         boolean flags[] = readFlags();
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java b/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
index 0c7b1ed32b2..ff45cb73d37 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
@@ -79,9 +79,13 @@ public class Credentials {
         key = (EncryptionKey) new_key.clone();
 
         authtime = (KerberosTime) new_authtime.clone();
-        starttime = (KerberosTime) new_starttime.clone();
+        if (new_starttime != null) {
+            starttime = (KerberosTime) new_starttime.clone();
+        }
         endtime = (KerberosTime) new_endtime.clone();
-        renewTill = (KerberosTime) new_renewTill.clone();
+        if (new_renewTill != null) {
+            renewTill = (KerberosTime) new_renewTill.clone();
+        }
         if (new_caddr != null) {
             caddr = (HostAddresses) new_caddr.clone();
         }
@@ -112,9 +116,13 @@ public class Credentials {
         key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
         flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone();
         authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
-        starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone();
+        if (kdcRep.encKDCRepPart.starttime != null) {
+            starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone();
+        }
         endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone();
-        renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
+        if (kdcRep.encKDCRepPart.renewTill != null) {
+            renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
+        }
         srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
         sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
         caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
@@ -181,9 +189,14 @@ public class Credentials {
         boolean valid = true;
         if (endtime.getTime() < System.currentTimeMillis()) {
             valid = false;
-        } else if ((starttime.getTime() > System.currentTimeMillis())
-                || ((starttime == null) && (authtime.getTime() > System.currentTimeMillis()))) {
-            valid = false;
+        } else if (starttime != null) {
+            if (starttime.getTime() > System.currentTimeMillis()) {
+                valid = false;
+            }
+        } else {
+            if (authtime.getTime() > System.currentTimeMillis()) {
+                valid = false;
+            }
         }
         return valid;
     }
diff --git a/jdk/test/sun/security/krb5/TimeInCCache.java b/jdk/test/sun/security/krb5/TimeInCCache.java
new file mode 100644
index 00000000000..5ef8b5370df
--- /dev/null
+++ b/jdk/test/sun/security/krb5/TimeInCCache.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6590930
+ * @summary read/write does not match for ccache
+ */
+
+import java.io.ByteArrayInputStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import sun.security.krb5.internal.ccache.CCacheInputStream;
+import sun.security.krb5.internal.ccache.Credentials;
+
+public class TimeInCCache {
+    public static void main(String[] args) throws Exception {
+        // A trivial cache file, with startdate and renewTill being zero.
+        // The endtime is set to sometime in year 2022, so that isValid()
+        // will always check starttime.
+        byte[] ccache = new byte[]{
+            5, 4, 0, 12, 0, 1, 0, 8, -1, -1, -1, 19, -1, -2, 89, 51,
+            0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73,
+            46, 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0,
+            0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73, 46,
+            76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0, 0,
+            0, 0, 0, 0, 0, 2, 0, 0, 0, 10, 77, 65, 88, 73, 46, 76,
+            79, 67, 65, 76, 0, 0, 0, 6, 107, 114, 98, 116, 103, 116, 0, 0,
+            0, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, 0, 17, 0, 0,
+            0, 16, -78, -85, -90, -50, -68, 115, 68, 8, -39, -109, 91, 61, -17, -27,
+            -122, -120, 71, 69, 16, -121, 0, 0, 0, 0, 98, 69, 16, -121, 0, 0,
+            0, 0, 0, 64, -32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+            0, 1, 0, 97, -127, -3, 48, -127, -6, -96, 3, 2, 1, 5, -95, 12,
+            27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -94, 31, 48, 29,
+            -96, 3, 2, 1, 0, -95, 22, 48, 20, 27, 6, 107, 114, 98, 116, 103,
+            116, 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -93, -127, -61,
+            48, -127, -64, -96, 3, 2, 1, 17, -95, 3, 2, 1, 1, -94, -127, -77,
+            4, -127, -80, 43, 65, -66, 34, 21, -34, 37, 35, 32, 50, -14, 122, 77,
+            -3, -29, 37, 99, 50, 125, -43, -96, -78, 85, 23, 41, -80, 68, 2, -109,
+            -27, 38, -41, -72, -32, 127, 63, -76, -22, 81, 33, -114, -30, 104, 125, -81,
+            -29, 70, -25, 23, 100, -75, -25, 62, -120, -78, -61, -100, -74, 50, -117, -127,
+            -16, 79, -106, 62, -39, 91, 100, -10, 23, -88, -18, -47, 51, -19, 113, 18,
+            98, -101, 31, 98, 22, -81, 11, -41, -42, 67, 87, 92, -2, 42, -54, 79,
+            49, -90, 43, -37, 90, -102, 125, 62, -88, -77, 100, 102, 23, -57, -51, 38,
+            68, -44, -57, -102, 103, -6, 85, -58, 74, -117, -87, 67, -103, -36, 110, -122,
+            115, 12, 118, -106, -114, -51, 79, 68, 32, -91, -53, -5, -51, 89, 72, 70,
+            123, -12, -95, 9, 40, -30, -117, 74, 77, 38, 91, 126, -82, 17, 98, 98,
+            -49, 78, 36, 36, 103, -76, -100, -23, 118, -92, -8, 80, 103, -23, -98, 56,
+            21, 65, -77, 0, 0, 0, 0
+        };
+        System.setProperty("sun.security.krb5.debug", "true");  // test code changes in DEBUG
+        CCacheInputStream cis = new CCacheInputStream(new ByteArrayInputStream(ccache));
+        cis.readVersion();
+        cis.readTag();
+        cis.readPrincipal(0x504);
+        Method m = CCacheInputStream.class.getDeclaredMethod("readCred", Integer.TYPE);
+        m.setAccessible(true);
+        Credentials c = (Credentials) m.invoke(cis, new Integer(0x504));
+        sun.security.krb5.Credentials cc = c.setKrbCreds();
+
+        // 1. Make sure starttime is still null
+        if (cc.getStartTime() != null) {
+            throw new Exception("Fail, starttime should be zero here");
+        }
+
+        // 2. Make sure renewTill is still null
+        if (cc.getRenewTill() != null) {
+            throw new Exception("Fail, renewTill should be zero here");
+        }
+
+        // 3. Make sure isValid works
+        c.isValid();
+    }
+}