On Tue, Sep 22, 2009 at 09:50:19AM -0700, Peter wrote: > From what I can tell, this change was not pushed as a critical update, > I had to install a patch manually to get channel binding capability > for Windows XP (http://support.microsoft.com/kb/968389). I've done > some experimenting with both Windows 7 and Windows XP and channel > binding definitely behaves differently on the two platforms. With > Windows 7, IWA authentication appears to provide channel binding > regardless if the application requests extended protection. Actually, > this is causing a runtime failure in my Java application using jgss > without any channel bindings defined on the acceptor: > > GSSException: Channel binding mismatch (Mechanism level: > ChannelBinding not provided!)
The JGSS issue is CR #6851973: 6851973 ignore incoming channel binding if acceptor does not set one The fix will be in the October 2009 updates. (The fix was integrated into build b64.) Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
