Details
-
Improvement
-
Resolution: Fixed
-
Blocker
-
5.5.0
Description
Full & Half modes were provided in 5.0 but it utilizes certificates.
In most of the deployments of target clusters, all network ports are closed but XDCR and it is impossible to retrieve certificates on the wire.
Goal of this improvement is to not use certificates but SASL to hide password on the wire.
Note: Certificates management is not acceptable.
Example: SCRAM-SHA would solve the problem.
Attachments
Issue Links
Gerrit Reviews
For Gerrit Dashboard: MB-25401 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
88158,19 | MB-25401 scram-sha support | master | goxdcr | Status: ABANDONED | 0 | 0 |
89685,17 | MB-25401 scram-sha support | master | goxdcr | Status: MERGED | +2 | +1 |
89723,5 | MB-28245 SCRAM-SHA support on ns_server REST server | master | ns_server | Status: MERGED | +2 | +1 |
90188,7 | MB-25401 client code for SCRAM-SHA via Http | master | goutils | Status: MERGED | +2 | +1 |
90251,2 | MB-28245 enable SCRAM-SHA auth for Administrator | master | ns_server | Status: MERGED | +2 | +1 |
90681,4 | MB-25401 bring github.com/pkg/errors to godeps | master | manifest | Status: MERGED | +2 | +1 |