db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini (JIRA)" <derby-...@db.apache.org>
Subject [jira] Created: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Mon, 22 Aug 2005 18:20:08 GMT
Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
-----------------------------------------------------------------------------------------

         Key: DERBY-528
         URL: http://issues.apache.org/jira/browse/DERBY-528
     Project: Derby
        Type: New Feature
  Components: Security  
    Versions: 10.1.1.0    
    Reporter: Francois Orsini
 Assigned to: Francois Orsini 
     Fix For: 10.1.1.1


This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication
(USRSSBPWD) scheme in the network client/server driver layers.

Current Derby DRDA network client  driver supports encrypted userid/password (EUSRIDPWD) via
the use of DH key-agreement protocol - however current Open Group DRDA specifications imposes
small prime and base generator values (256 bits) that prevents other JCE's  to be used as
java cryptography providers - typical minimum security requirements is usually of 1024 bits
(512-bit absolute minimum) when using DH key-agreement protocol to generate a session key.

Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications
as another alternative to provide ciphered passwords across the wire.

Support of USRSSBPWD authentication scheme will enable additional JCE's to  be used when encrypted
passwords are required across the wire.

USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism
property on the connection UR - A new property value such as ENCRYPTED_PASSWORD_SECURITY will
be defined in order to support this new (DRDA) authentication scheme.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message