JDK-6563369

Incorrect handling of DIGEST-MD5 server SASL mechanism


Type: Bug
Resolution: Duplicate
Priority: P4
Fix Version/s: None
Affects Version/s: 6
Component/s: security-libs

FULL PRODUCT VERSION:
Seen since the first release of the DIGEST-MD5 SASL mechanism

ADDITIONAL OS VERSION INFORMATION:
Applicable for all OSes

A DESCRIPTION OF THE PROBLEM:
The current DIGEST-MD5 server SASL mechanism does not allow a client to send an initial response. According to RFC 2831 (http://www.ietf.org/rfc/rfc2831.txt) section 2.2 (Subsequent Authentication), the client may send an initial response consisting of 'cached' values for the response.

The Sun implementation (https://jdk-jrl-sources.dev.java.net/source/browse/jdk-jrl-sources/jdk6u1/trunk/j2se/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java?rev=50&view=markup) (line 180) specifically forbids an initial response from the client.

Consequently, clients that send an initial response expecting "Subsequent authentication" are rejected. According to the RFC, the server should proceed with sending a challenge if Subsequent authentication is not supported.

REPRODUCIBILITY:
This bug can be reproduced always.
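A small probe, added here and not part of the report, that exercises the behaviour described above through the public javax.security.sasl API. The protocol name "ldap", the server name "localhost", the test user and the cached-values string are constructed placeholders. On an affected JDK the second call is rejected with a SaslException instead of receiving the challenge that RFC 2831 says the server should send when it does not support subsequent authentication.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

public class DigestInitialResponseProbe {
    // Minimal handler: the DIGEST-MD5 server only consults it once a real client
    // response is evaluated, so the first (challenge) step never reaches it.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName("alice");            // constructed test user
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword("placeholder-secret".toCharArray());
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };

    // Feeds one initial client message to a fresh DIGEST-MD5 server and reports
    // whether it answered with a challenge or rejected the client outright.
    static String probe(byte[] initialResponse) {
        try {
            SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "ldap", "localhost",
                    Map.of(Sasl.QOP, "auth"), HANDLER);
            if (server == null) return "no DIGEST-MD5 server provider installed";
            byte[] challenge = server.evaluateResponse(initialResponse);
            return "challenge issued (" + challenge.length + " bytes)";
        } catch (SaslException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Empty initial message: the ordinary first step, a challenge comes back.
        System.out.println("empty  -> " + probe(new byte[0]));
        // Constructed stand-in for the cached values a client attempting subsequent
        // authentication (RFC 2831 section 2.2) sends as its initial response.
        byte[] cached = "username=\"alice\",realm=\"localhost\"".getBytes(StandardCharsets.UTF_8);
        System.out.println("cached -> " + probe(cached));
    }
}
```

The interesting line is the second one: a server that follows the RFC would ignore the cached values it cannot use and still print "challenge issued", while the implementation described in this report rejects the client.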

People: Vincent Ryan (vinnie), Nelson Dcosta (ndcosta, Inactive)