Message-ID: <28844916.1152922035349.JavaMail.jira@brutus>
Date: Fri, 14 Jul 2006 17:07:15 -0700 (PDT)
From: "Rick Hillegas (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
In-Reply-To: <961738915.1124734808461.JavaMail.jira@ajax.apache.org>

[ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12421257 ]

Rick Hillegas commented on DERBY-528:
-------------------------------------

I will take a look at this patch. Thanks, Francois.

> Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>
>                 Key: DERBY-528
>                 URL: http://issues.apache.org/jira/browse/DERBY-528
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 10.1.1.0
>            Reporter: Francois Orsini
>         Assigned To: Francois Orsini
>             Fix For: 10.2.0.0
>
>         Attachments: 528_diff_v1.txt, 528_diff_v2.txt, 528_SecMec_Testing_Table.txt, 528_stat_v1.txt, 528_stat_v2.txt
>
>
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open Group DRDA specifications impose small prime and base generator values (256 bits) that prevent other JCEs from being used as Java cryptography providers - typical minimum security requirement is usually 1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session key.
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications as another alternative to provide ciphered passwords across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCEs to be used when encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism property on the connection URL - A new property value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support this new (DRDA) authentication scheme.