[#DERBY-1867] Document algorithm support required for using secmec 8(USRSSSBPWD) and limitation on ibm141 vm.

Derby

Document algorithm support required for using secmec 8(USRSSSBPWD) and limitation on ibm141 vm.

Created: 19/Sep/06 06:43 PM Updated: 01/Jun/07 10:59 PM

Return to search

Component/s:

Documentation

Affects Version/s:

10.2.1.6, 10.3.1.4

Fix Version/s:

10.3.1.4

Time Tracking:

Not Specified

File Attachments:

File Name	Date Attached	Attached By	Size
cadminappsclientsecurity.html	2007-06-01 03:39 AM	Myrna van Lunteren	8 kB
DERBY-1867.diff	2007-06-01 03:39 AM	Myrna van Lunteren	2 kB

Issue Links:

Reference

This issue relates to:

~~DERBY-1788~~ Using secmec 8(USRSSSBPWD) on 141 vms, fails with java.security.NoSuchAlgorithmException : SHA1PRNG.

Resolution Date:

01/Jun/07 10:59 PM

Description

« Hide

Using secmec8 with ibm141 vms fails with java.security.NoSuchAlgorithmException : SHA1PRNG. This needs to be documented in the server guide.

Please see: http://issues.apache.org/jira/browse/DERBY-1788?page=comments#action_12432124

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

Sunitha Kambhampati made changes - 21/Sep/06 06:24 PM

Field	Original Value	New Value
Link		This issue relates to ~~DERBY-1788~~ [ ~~DERBY-1788~~ ]

[ Permlink | « Hide ]

Sunitha Kambhampati added a comment - 21/Sep/06 07:43 PM

Problem:
With IBM 1.4.1 JVM, trying to connect to the server using the derby client with security mechanism 8 (USRSSSBPWD) will result in error

Symptoms:
Connecting using the client driver with security mechanism 8 will throw the following error
ERROR XJ112: Security exception encountered, see next exception for details.
The stack trace will show that the problem is caused by java.security.NoSuchAlgorithmException: SHA1PRNG SecureRandom not available

Cause:
Current USRSSBPWD implementation uses SHA1PRNG algorithm to generate random number(seed) that gets exchanged between client and the server. The SHA1PRNG algorithm is not available with the JCE provider that comes with IBM JVM version 1.4.1.

Workaround:
If you need to use the security mechanism 8, then make sure that support for SHA1PRNG is available in the JCE provider that is available with a particular JVM.
For e.g. Use IBM 1.4.2 JVM that has support for SHA1PRNG or the Sun JVMs.

[ Permlink | « Hide ]

Sunitha Kambhampati added a comment - 21/Sep/06 07:44 PM

Adding release note component. since it is not sure that this issue will get documented in time for the 10.2 release

Sunitha Kambhampati made changes - 21/Sep/06 07:44 PM

Summary	Document algorithm support required for using secmec 8(USRSSSBPWD) and limitation on ibm141 vm.	Document algorithm support required for using secmec 8(USRSSSBPWD) and limitation on ibm141 vm.
Derby Info		[Release Note Needed]

[ Permlink | « Hide ]

Sunitha Kambhampati added a comment - 21/Sep/06 07:47 PM

For some reason (possibly related to encoding) , the title wasnt showing up in the jira mails, so attempting to copy/paste the title here.

Repository	Revision	Date	User	Message
ASF	#448934	Fri Sep 22 13:57:50 UTC 2006	rhillegas	~~DERBY-1860~~: Update release notes: 1) Add note for ~~DERBY-1867~~, 2) Refer the user to the wiki for instructions on how to build jdbc4 support.
				Files Changed
				MODIFY /db/derby/code/branches/10.2/RELEASE-NOTES.html

[ Permlink | « Hide ]

Andrew McIntyre added a comment - 22/Sep/06 06:46 PM

Marking resolved, release note added to 10.2 release notes with revision 448934.

Andrew McIntyre made changes - 22/Sep/06 06:46 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Andrew McIntyre made changes - 22/Sep/06 06:59 PM

Resolution	Fixed [ 1 ]
Status	Resolved [ 5 ]	Reopened [ 4 ]

[ Permlink | « Hide ]

Andrew McIntyre added a comment - 22/Sep/06 07:00 PM

Reopening and reassigning to 10.3, since release note has been added to 10.2.1.

Andrew McIntyre made changes - 22/Sep/06 07:00 PM

Fix Version/s		10.3.0.0 [ 12310800 ]
Affects Version/s	10.2.1.0 [ 11187 ]
Derby Info	[Release Note Needed]
Affects Version/s		10.3.0.0 [ 12310800 ]

Andrew McIntyre made changes - 22/Sep/06 07:03 PM

Fix Version/s	10.2.1.0 [ 11187 ]
Affects Version/s		10.2.1.0 [ 11187 ]

[ Permlink | « Hide ]

Andrew McIntyre added a comment - 25/Jan/07 08:38 PM

Unsetting Fix Version on unassigned issues.

Andrew McIntyre made changes - 25/Jan/07 08:38 PM

Fix Version/s

10.3.0.0 [ 12310800 ]

Myrna van Lunteren made changes - 01/Jun/07 03:35 AM

Assignee

Myrna van Lunteren [ myrna ]

[ Permlink | « Hide ]

Myrna van Lunteren added a comment - 01/Jun/07 03:39 AM

attaching a patch with the comment added in the server guide. Also attaching the html for convenience. If not comments, I'll commit tomorrow.

Myrna van Lunteren made changes - 01/Jun/07 03:39 AM

Attachment		cadminappsclientsecurity.html [ 12358681 ]
Attachment		DERBY-1867.diff [ 12358682 ]

Myrna van Lunteren made changes - 01/Jun/07 03:40 AM

Fix Version/s

10.3.0.0 [ 12310800 ]

Myrna van Lunteren made changes - 01/Jun/07 12:06 PM

Derby Info

[Patch Available]

[ Permlink | « Hide ]

Kim Haase added a comment - 01/Jun/07 05:54 PM

Looks just fine for the most part, Myrna -- there are extra periods after "1.4.1" and "1.4.2" that you might want to get rid of. Other than that, great!

Repository	Revision	Date	User	Message
ASF	#543588	Fri Jun 01 19:47:40 UTC 2007	myrnavl	~~DERBY-1867~~ - document need for SHA1PRNG algorithm support for strong password security mechanism.
				Files Changed
				MODIFY /db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita

[ Permlink | « Hide ]

Myrna van Lunteren added a comment - 01/Jun/07 10:59 PM

Thx Kim, I don't know why I put those extra periods in! but they're gone now; committed with revision: http://svn.apache.org/viewvc?view=rev&revision=543588

Myrna van Lunteren made changes - 01/Jun/07 10:59 PM

Status	Reopened [ 4 ]	Closed [ 6 ]
Derby Info	[Patch Available]
Resolution		Fixed [ 1 ]