Microsoft LDAP Channel Binding

Michael Osipov 1983-01-06 at gmx.net
Wed Jan 22 08:21:00 UTC 2020


Am 2020-01-22 um 08:40 schrieb Weijun Wang:
>
>
>> On Dec 18, 2019, at 9:14 PM, Michael Osipov <1983-01-06 at gmx.net> wrote:
>>
>> ...
>
>> A few issues must be addressed first:
>> * Java's SASL GSSAPI mech has a bug which will make all default installations fail.
>>    I have reported this years ago and this must be immediately fixed [3].
>>
> ...
>> [3] https://bugs.openjdk.java.net/browse/JDK-8160818
>
> My current plan is to update the default value of SERVER_AUTH: "false" if only "auth" is requested, and "true" if one of "auth-int" or "auth-conf" is requested. I'll see what compatibility impact there would be for other actions.

Max,

when you are on it, please take recent changes in Cyrus SASL into
account. Compatibility with Cyrus SASL is crucial here.

The discussion in question is:
https://github.com/cyrusimap/cyrus-sasl/issues/419

Especially this block:
https://github.com/cyrusimap/cyrus-sasl/blob/master/plugins/gssapi.c#L1762-L1778
Java should match here.

Michael


