Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 32133 invoked from network); 22 Jul 2006 05:39:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 22 Jul 2006 05:39:31 -0000 Received: (qmail 77986 invoked by uid 500); 22 Jul 2006 05:39:30 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 77954 invoked by uid 500); 22 Jul 2006 05:39:30 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 77945 invoked by uid 99); 22 Jul 2006 05:39:30 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jul 2006 22:39:30 -0700 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=SUBJECT_NOVOWEL X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jul 2006 22:39:29 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 3CE2C41000D for ; Sat, 22 Jul 2006 05:37:15 +0000 (GMT) Message-ID: <3370365.1153546635247.JavaMail.jira@brutus> Date: Fri, 21 Jul 2006 22:37:15 -0700 (PDT) From: "Kathey Marsden (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme In-Reply-To: <961738915.1124734808461.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12422814 ] Kathey Marsden commented on DERBY-528: -------------------------------------- Running the testSecMec test I am getting symptoms that look like DERBY-1114 on all JVM's I have tried, where the test exits in the middle I think this is specific to my environment and have seen it in the past without the patch,.This will make me finally update my jdk and get it resolved. If you get Sunitha's review before you get the JCC masters from me, don't wait for the JCC masters I will update after. One other note. It might be good to open another Jira Issue to document this change. Kathey > Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme > ----------------------------------------------------------------------------------------- > > Key: DERBY-528 > URL: http://issues.apache.org/jira/browse/DERBY-528 > Project: Derby > Issue Type: New Feature > Components: Security > Affects Versions: 10.1.1.0 > Reporter: Francois Orsini > Assigned To: Francois Orsini > Fix For: 10.2.0.0 > > Attachments: 528_diff_v1.txt, 528_diff_v2.txt, 528_diff_v3.txt, 528_SecMec_Testing_Table.txt, 528_stat_v1.txt, 528_stat_v2.txt, 528_stat_v3.txt > > > This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme in the network client/server driver layers. > Current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open Group DRDA specifications imposes small prime and base generator values (256 bits) that prevents other JCE's to be used as java cryptography providers - typical minimum security requirements is usually of 1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session key. > Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications as another alternative to provide ciphered passwords across the wire. > Support of USRSSBPWD authentication scheme will enable additional JCE's to be used when encrypted passwords are required across the wire. > USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism property on the connection UR - A new property value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support this new (DRDA) authentication scheme. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira