[ZOOKEEPER-4889] Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.8.4, 3.10, 3.9.3
Fix Version/s: 3.10.0, 3.8.5, 3.9.4
Component/s: java client, security, server
Labels:

Description

FIPS doesn't allow using MD5 algorithm, so it should be disabled at all times. When we create SASL client there's a fallback code path: if Kerberos doesn't work for some reason, we try to use DIGEST-MD5 mech instead. We already have a fips-mode property, so let's disable this code patch if the property is enabled.

Attachments

Issue Links

is related to

ZOOKEEPER-4832 Better guidance on how to configure zookeeper for FIPS

Open

links to

GitHub Pull Request #2213

GitHub Pull Request #2214

GitHub Pull Request #2215

Activity

People

Assignee:: Andor Molnar

Reporter:: Andor Molnar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 1 week ago 15:54

Updated:: 5 days ago 15:55

Resolved:: 5 days ago 15:55

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: