Bug 498104

Summary: GSSAPI/SASL security layer - no support for rekeying
Product: Red Hat Enterprise MRG Reporter: Gordon Sim <gsim>
Component: qpid-cppAssignee: messaging-bugs <messaging-bugs>
Status: CLOSED UPSTREAM QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 1.1.1CC: jross
Target Milestone: ---Keywords: Improvement
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-02-10 03:13:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gordon Sim 2009-04-28 20:58:46 UTC 
When the GSSAPI security context expires on a running connection (i.e. when
Kerberos ticket expires), communication to the broker on that connection becomes impossible.

To avoid this there would need to be a new sasl exchange introduced to renegotiate a new key before the old one expires. (This is an isue for the AMQP protocol in general).
Comment 1 Red Hat Bugzilla 2025-02-10 03:13:26 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.