db-derby-dev mailing list archives

From Francois Orsini <francois.ors...@gmail.com>
Subject Re: [jira] Created: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Mon, 22 Aug 2005 21:36:08 GMT

No, it does NOT.

On 8/22/05, David Van Couvering <David.Vancouvering@sun.com> wrote:
> I'd like to get clear -- does USRSSBPWD require certificates on the
> client and server?
> 
> Thanks,
> 
> David
> 
> Francois Orsini (JIRA) wrote:
> 
> >Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> >-----------------------------------------------------------------------------------------
> >
> >         Key: DERBY-528
> >         URL: http://issues.apache.org/jira/browse/DERBY-528
> >     Project: Derby
> >        Type: New Feature
> >  Components: Security
> >    Versions: 10.1.1.0
> >    Reporter: Francois Orsini
> > Assigned to: Francois Orsini
> >     Fix For: 10.1.1.1
> >
> >
> >This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> >
> >The current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD) via the use of the DH key-agreement protocol - however, the current Open Group DRDA specifications impose small prime and base generator values (256 bits) that prevent other JCEs from being used as Java cryptography providers - the typical minimum security requirement is usually 1024 bits (512-bit absolute minimum) when using the DH key-agreement protocol to generate a session key.
> >
> >Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications as another alternative to provide ciphered passwords across the wire.
> >
> >Support of the USRSSBPWD authentication scheme will enable additional JCEs to be used when encrypted passwords are required across the wire.
> >
> >The USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism property on the connection URL - a new property value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support this new (DRDA) authentication scheme.
> >
> >
> >
> 
> 
>
