RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos
Bernd Eckenfels
ecki at zusammenkunft.net
Wed May 27 10:12:14 UTC 2020
LdapCtxt:
    /**
     * Sets the read timeout value
     */
    private void setChannelBindingType(String cbTypeProp) {
Not sure if that javadoc is the right one? And I also wonder if enforcing the timeout is needed, and if yes, if it should be documented why. Was not obvious to me.
What about having two type names (TlsChannelBindingType.TLS_SERVER_END_POINT and TlsChannelBindingType.TLS_SERVER_END_POINT_COMPAT)?
This could be configured as a SASL property, and it would add the benefit that you don't need the instance-specific if in the gssstub native code if you instead have two different type values?
Regards
Bernd
________________________________
From: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Alexey Bakhtin <alexey at azul.com>
Sent: Wednesday, May 27, 2020 11:43 AM
To: Valerie Peng
Cc: security-dev at openjdk.java.net; core-libs-dev at openjdk.java.net; Thomas Maslen
Subject: Re: RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos
Hello Valerie,
Unfortunately, Windows LDAP server with LdapEnforceChannelBinding=2 does not accept the GSS_C_AF_NULLADDR address type. This is the exact reason for these changes. I've tried to fix the inconsistency of the address type value in the latest webrev: http://cr.openjdk.java.net/~abakhtin/8245527/webrev.v2/