Bug 498104 - GSSAPI/SASL security layer - no support for rekeying
GSSAPI/SASL security layer - no support for rekeying
Status: NEW
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
1.1.1
All Linux
low Severity medium
: ---
: ---
Assigned To: messaging-bugs
MRG Quality Engineering
: Improvement
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-28 16:58 EDT by Gordon Sim
Modified: 2013-02-24 16:59 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gordon Sim 2009-04-28 16:58:46 EDT
When the GSSAPI security context expires on a running connection (i.e. when
Kerberos ticket expires), communication to the broker on that connection becomes impossible.

To avoid this there would need to be a new sasl exchange introduced to renegotiate a new key before the old one expires. (This is an isue for the AMQP protocol in general).

Note You need to log in before you can comment on or make changes to this bug.