[jboss-jira] [JBoss JIRA] (JGRP-1852) SASL challenge-response cycle does not process challenges
David Lloyd (JIRA)
issues at jboss.org
Mon Jun 16 12:51:24 EDT 2014
[ https://issues.jboss.org/browse/JGRP-1852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976696#comment-12976696 ]
David Lloyd commented on JGRP-1852:
-----------------------------------
It seems that many of the more recent SASL mechanisms recommend using other means (like TLS) for QOP anyway, fwiw.
> SASL challenge-response cycle does not process challenges
> ---------------------------------------------------------
>
> Key: JGRP-1852
> URL: https://issues.jboss.org/browse/JGRP-1852
> Project: JGroups
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 3.5
> Reporter: Richard Achmatowicz
> Assignee: Tristan Tarrant
> Fix For: 3.5
>
>
> The SASL challenge-response cycle between a client peer and a server peer should look like this:
> * client sends (possibly empty) response
> * server evaluates response and sends challenge
> * client evaluates challenge and returns response
> and so on until the cycle ends.
> The client sends responses in SASL headers marked Type.RESPONSE.; the server sends challenges in SASL headers marked Type.CHALLENGE.
> Due to a typo, all headers are marked as Type.RESPONSE, so that CHALLENGE messages were not being processed. The test case passes none the less!
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list