Bug 498104 - GSSAPI/SASL security layer - no support for rekeying
Summary: GSSAPI/SASL security layer - no support for rekeying
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 1.1.1
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
: ---
Assignee: messaging-bugs
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-28 20:58 UTC by Gordon Sim
Modified: 2025-02-10 03:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2025-02-10 03:13:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Gordon Sim 2009-04-28 20:58:46 UTC
When the GSSAPI security context expires on a running connection (i.e. when
Kerberos ticket expires), communication to the broker on that connection becomes impossible.

To avoid this there would need to be a new sasl exchange introduced to renegotiate a new key before the old one expires. (This is an isue for the AMQP protocol in general).

Comment 1 Red Hat Bugzilla 2025-02-10 03:13:26 UTC
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.


Note You need to log in before you can comment on or make changes to this bug.