498104 – GSSAPI/SASL security layer - no support for rekeying

Bug 498104 - GSSAPI/SASL security layer - no support for rekeying

Summary: GSSAPI/SASL security layer - no support for rekeying

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	1.1.1
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	messaging-bugs
QA Contact:	MRG Quality Engineering
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-04-28 20:58 UTC by Gordon Sim
Modified:	2025-02-10 03:13 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2025-02-10 03:13:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Gordon Sim 2009-04-28 20:58:46 UTC

When the GSSAPI security context expires on a running connection (i.e. when
Kerberos ticket expires), communication to the broker on that connection becomes impossible.

To avoid this there would need to be a new sasl exchange introduced to renegotiate a new key before the old one expires. (This is an isue for the AMQP protocol in general).

Comment 1 Red Hat Bugzilla 2025-02-10 03:13:26 UTC

This product has been discontinued or is no longer tracked in Red Hat Bugzilla.

Note You need to log in before you can comment on or make changes to this bug.