You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by "Mark Brouwer (JIRA)" <ji...@apache.org> on 2007/11/20 19:21:43 UTC

[jira] Updated: (RIVER-178) Kerberos provider should support a system property to limit session key lifetime

     [ https://issues.apache.org/jira/browse/RIVER-178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Brouwer updated RIVER-178:
-------------------------------

      Description: 
Bugtraq ID [5023464|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5023464]

Currently jgss does not expire the session context once its session ticket expires.  GSSContext.getLifeTime() always returns GSSContext.INDEFINITE_LIFETIME.  If a system property should be added to allow user to set a time limit for session keys, while the Kerberos provider still checks GSSContext.getLifeTime(), so things will work properly once jgss fixes the problem.Currently jgss does not expire the session context once its session ticket expires.  GSSContext.getLifeTime() always returns GSSContext.INDEFINITE_LIFETIME.  If a system property should be added to allow user to set a time limit for session keys, while the Kerberos provider still checks GSSContext.getLifeTime(), so things will work properly once jgss fixes the problem.

  was:
Bugtraq ID [5023464|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5023464]

Currently jgss does not expire the session context once its session
ticket expires.  GSSContext.getLifeTime() always returns
GSSContext.INDEFINITE_LIFETIME.  If a system property should be added
to allow user to set a time limit for session keys, while the Kerberos
provider still checks GSSContext.getLifeTime(), so things will work
properly once jgss fixes the problem.Currently jgss does not expire the session context once its session
ticket expires.  GSSContext.getLifeTime() always returns
GSSContext.INDEFINITE_LIFETIME.  If a system property should be added
to allow user to set a time limit for session keys, while the Kerberos
provider still checks GSSContext.getLifeTime(), so things will work
properly once jgss fixes the problem.

    Fix Version/s:     (was: jtsk_1.0)

> Kerberos provider should support a system property to limit session key lifetime
> --------------------------------------------------------------------------------
>
>                 Key: RIVER-178
>                 URL: https://issues.apache.org/jira/browse/RIVER-178
>             Project: River
>          Issue Type: Bug
>          Components: net_jini_jeri
>            Reporter: Phil Steitz
>            Priority: Minor
>
> Bugtraq ID [5023464|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5023464]
> Currently jgss does not expire the session context once its session ticket expires.  GSSContext.getLifeTime() always returns GSSContext.INDEFINITE_LIFETIME.  If a system property should be added to allow user to set a time limit for session keys, while the Kerberos provider still checks GSSContext.getLifeTime(), so things will work properly once jgss fixes the problem.Currently jgss does not expire the session context once its session ticket expires.  GSSContext.getLifeTime() always returns GSSContext.INDEFINITE_LIFETIME.  If a system property should be added to allow user to set a time limit for session keys, while the Kerberos provider still checks GSSContext.getLifeTime(), so things will work properly once jgss fixes the problem.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.