db-derby-dev mailing list archives

From David Van Couvering <David.Vancouver...@Sun.COM>
Subject Re: [jira] Created: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Mon, 22 Aug 2005 21:09:16 GMT
I'd like to get clear -- does USRSSBPWD require certificates on the 
client and server?

Thanks,

David

Francois Orsini (JIRA) wrote:

>Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
>-----------------------------------------------------------------------------------------
>
>         Key: DERBY-528
>         URL: http://issues.apache.org/jira/browse/DERBY-528
>     Project: Derby
>        Type: New Feature
>  Components: Security  
>    Versions: 10.1.1.0    
>    Reporter: Francois Orsini
> Assigned to: Francois Orsini 
>     Fix For: 10.1.1.1
>
>
>This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication
>(USRSSBPWD) scheme in the network client/server driver layers.
>
>Current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD)
>via the use of DH key-agreement protocol - however current Open Group DRDA specifications
>impose small prime and base generator values (256 bits) that prevent other JCEs from being
>used as java cryptography providers - typical minimum security requirement is usually
>1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session
>key.
>
>Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications
>as another alternative to provide ciphered passwords across the wire.
>
>Support of USRSSBPWD authentication scheme will enable additional JCEs to be used when
>encrypted passwords are required across the wire.
>
>USRSSBPWD authentication scheme will be specified by a Derby network client user via the
>securityMechanism property on the connection URL - A new property value such as ENCRYPTED_PASSWORD_SECURITY
>will be defined in order to support this new (DRDA) authentication scheme.
>
>  
>
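
The provider limitation described in the quoted issue can be checked on a given Java runtime with the following added example, which is not part of the original message or of Derby's code. The class name `DhPrimeSizeProbe` is hypothetical, and the DH groups are constructed at random rather than being the DRDA-specified prime and generator.

```java
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

// Hypothetical class name; reports which installed JCE providers accept a DH group of a given size.
public class DhPrimeSizeProbe {
    // Sizes named in the message: 256 (DRDA EUSRIDPWD), 512 (absolute minimum), 1024 (typical minimum).
    static final int[] PRIME_BITS = {256, 512, 1024};

    /** Returns null if the provider generates a key pair for this group, else the rejection reason. */
    static String probe(Provider provider, DHParameterSpec spec) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            kpg.initialize(spec, new SecureRandom());
            kpg.generateKeyPair();
            return null;
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | RuntimeException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        for (int bits : PRIME_BITS) {
            // Constructed group: random probable prime and generator 2, NOT the DRDA-specified values.
            BigInteger p = BigInteger.probablePrime(bits, rng);
            DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(2));
            for (Provider provider : Security.getProviders()) {
                if (provider.getService("KeyPairGenerator", "DH") == null) {
                    continue; // provider offers no DH key-pair generation
                }
                String reason = probe(provider, spec);
                System.out.printf("%4d-bit prime  %-12s %s%n", bits, provider.getName(),
                        reason == null ? "accepted" : "rejected (" + reason + ")");
            }
        }
    }
}
```

Which sizes are accepted depends on the installed providers and their versions, so the output is a per-runtime inventory rather than a fixed result.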
