Re: LDAP Channel Binding

/webrev.v0/ [1] - https://tools.ietf.org/html/rfc4121#section-4.1.1.2 [2] - https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/overview-52/index.html Regards Alexey Date: Tue, 18 Feb 2020 19:17:20 +0100 From: Michael Osipov To: Bernd Eckenfels , "security-dev@openjdk.java.net

Re: LDAP Channel Binding

underdocumented. Gruss Bernd -- http://bernd.eckenfels.net Von: security-dev im Auftrag von Michael Osipov <1983-01...@gmx.net> Gesendet: Wednesday, February 19, 2020 10:54:49 PM Cc: security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding After a

Re: LDAP Channel Binding

Cc: Bernd Eckenfels ; security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-02-14 um 15:53 schrieb Weijun Wang: On Jan 22, 2020, at 6:31 AM, Michael Osipov <1983-01...@gmx.net> wrote: Am 2020-01-21 um 17:57 schrieb Bernd Eckenfels: Hello, I have now repeat

Re: LDAP Channel Binding

After another research reading RFC 5929 as well as PostgreSQL support of CB with SASL SCRAM authentication mech, I believe we first need JDK-6491070 solved for tls-unique. That byte array has to be passed to org.ietf.jgss.ChannelBinding(byte[]). Addresses are not necessary because the outer contex

Re: LDAP Channel Binding

ernd > -- > http://bernd.eckenfels.net > Von: Michael Osipov <1983-01...@gmx.net> > Gesendet: Sunday, February 16, 2020 11:02:16 AM > An: Weijun Wang > Cc: Bernd Eckenfels ; security-dev@openjdk.java.net > > Betreff: Re: LDAP Channel Binding > > Am 2020-02-1

Re: LDAP Channel Binding

gt; Von: Michael Osipov <1983-01...@gmx.net> > Gesendet: Sunday, February 16, 2020 11:02:16 AM > An: Weijun Wang > Cc: Bernd Eckenfels ; security-dev@openjdk.java.net > > Betreff: Re: LDAP Channel Binding > > Am 2020-02-14 um 15:53 schrieb Weijun Wang: > > >

Re: LDAP Channel Binding

ty-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-02-14 um 15:53 schrieb Weijun Wang: > > >> On Jan 22, 2020, at 6:31 AM, Michael Osipov <1983-01...@gmx.net> wrote: >> >> Am 2020-01-21 um 17:57 schrieb Bernd Eckenfels: >>> Hello, >>> >>&g

Re: LDAP Channel Binding

Am 2020-02-14 um 15:53 schrieb Weijun Wang: On Jan 22, 2020, at 6:31 AM, Michael Osipov <1983-01...@gmx.net> wrote: Am 2020-01-21 um 17:57 schrieb Bernd Eckenfels: Hello, I have now repeated the tests with LdapEnforceChannelBinding=2 and I could see the rejection with error code 80090346 fo

Re: LDAP Channel Binding

TLS) binding. > > >> Von: Michael Osipov >> <1983-01...@gmx.net> Gesendet: Sonntag, Januar 19, 2020 11:15 AM An: >> Bernd Eckenfels Cc: security-dev@openjdk.java.net Betreff: Re: LDAP >> Channel Binding >> >> Am 2

Re: LDAP Channel Binding

;1983-01...@gmx.net> Gesendet: Sonntag, Januar 19, 2020 11:15 AM An: Bernd Eckenfels Cc: security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-19 um 08:02 schrieb Bernd Eckenfels: You said it is confusing, but the bug you mentioned is only a valid feature request, it does not

Re: LDAP Channel Binding

Cc: security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-19 um 08:02 schrieb Bernd Eckenfels: You said it is confusing, but the bug you mentioned is only a valid feature request, it does not talk about failing binds. I would assume that Kerberos needs the binding token an

Re: LDAP Channel Binding

Von: Michael Osipov <1983-01...@gmx.net> Gesendet: Sonntag, Januar 19, 2020 11:15 AM An: Bernd Eckenfels Cc: security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-19 um 08:02 schrieb Bernd Eckenfels: > You said it is confusing, but the bug you mentioned

Re: LDAP Channel Binding

r 19, 2020 11:15 AM An: Bernd Eckenfels Cc: security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-19 um 08:02 schrieb Bernd Eckenfels: > You said it is confusing, but the bug you mentioned is only a valid > feature request, it does not talk about failing binds. I would

Re: LDAP Channel Binding

ecurity-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-16 um 11:32 schrieb Bernd Eckenfels: Hello, Some updates: Microsoft moved their automatic update of the LDAP policies in Windows Server updates to March 2020 (but still recommend to activate it earlier). And I did some tests: wh

Re: LDAP Channel Binding

Von: Michael Osipov <1983-01...@gmx.net> Gesendet: Saturday, January 18, 2020 9:39:08 PM An: Bernd Eckenfels ; security-dev@openjdk.java.net Betreff: Re: LDAP Channel Binding Am 2020-01-16 um 11:32 schrieb Bernd Eckenfels: > Hello, > > Some updates

Re: LDAP Channel Binding

Am 2020-01-16 um 11:32 schrieb Bernd Eckenfels: Hello, Some updates: Microsoft moved their automatic update of the LDAP policies in Windows Server updates to March 2020 (but still recommend to activate it earlier). And I did some tests: when you turn on the mandatory LDAP Signing, then simple

Re: LDAP Channel Binding

Hello, Some updates: Microsoft moved their automatic update of the LDAP policies in Windows Server updates to March 2020 (but still recommend to activate it earlier). And I did some tests: when you turn on the mandatory LDAP Signing, then simple binds or Digest-md5 binds over LDAP are rejected