Istvan Toth created HBASE-29080:
-----------------------------------
Summary: Validate negotiated SASL QOP against requested
Key: HBASE-29080
URL: https://issues.apache.org/jira/browse/HBASE-29080
Project: HBase
Issue Type: Bug
Components: rpc, sasl
Reporter: Istvan Toth
Assignee: Istvan Toth
We currently do not verify that the negotiatied SASL QOP satisfies the
requested QOP.
Mechanisms that do support QOP are expected to abort negotation if they cannot
satisfy the requirements, but mechanisms which do not support QOP will ignore
the requested QOP property and successfully negotiate even if non-auth QOP was
requested.
Explicitly checking the negotiated QOP makes sure that no downgrade happens in
the communication QOP.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
