Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-1661

AUTH bypasses join requests without auth_headers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.3.4, 3.4
    • 3.3.3
    • None

    Description

      The cluster coordinator allows new members to join the cluster if their join requests do not contain auth headers.

      A simple test case would involve two nodes. One node should be configured to use a protocol stack with AUTH. The other node should use the same stack but with AUTH excluded. The node that uses AUTH needs to be brought up first so it can become cluster coordinator. The second node will now successfully join the cluster even though it does not send any auth tokens along with its join requests.

      Attachments

        Activity

          People

            rhn-engineering-bban Bela Ban
            sergey.tumashov Sergey Tumashov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: