Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1924

Client can provide more information during auth mechanism negotiation

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: rpc, security
    • Labels:
      None

      Description

      Currently, the client exposes its available auth mechanisms by just listing their types, with no further information. Instead, it could provide supplemental info such as the key sequence number that signed its token, and the fingerprint of the CA cert that signed its certificate. The server could then know not to try negotiating a mechanism that is known to fail (and instead fall back to GSSAPI, for example).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: