[jira] [Resolved] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Andor Molnar (Jira) Tue, 26 Nov 2024 07:56:19 -0800


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andor Molnar resolved ZOOKEEPER-4889.
-------------------------------------
    Fix Version/s: 3.9.4
                   3.10.0
                   3.8.5
       Resolution: Fixed

Issue resolved by pull request 2215
[https://github.com/apache/zookeeper/pull/2215]

> Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode
> ----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4889
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4889
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, security, server
>    Affects Versions: 3.8.4, 3.10, 3.9.3
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: FIPS, SASL, pull-request-available
>             Fix For: 3.9.4, 3.10.0, 3.8.5
>
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> FIPS doesn't allow using MD5 algorithm, so it should be disabled at all 
> times. When we create SASL client there's a fallback code path: if Kerberos 
> doesn't work for some reason, we try to use DIGEST-MD5 mech instead. We 
> already have a fips-mode property, so let's disable this code patch if the 
> property is enabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Reply via email to