Re: Microsoft LDAP Channel Binding

Am 2020-01-22 um 10:14 schrieb Weijun Wang: On Jan 22, 2020, at 4:21 PM, Michael Osipov <1983-01...@gmx.net> wrote: Am 2020-01-22 um 08:40 schrieb Weijun Wang: On Dec 18, 2019, at 9:14 PM, Michael Osipov <1983-01...@gmx.net> wrote: ... A few issues must be addressed first: * Java's SA

Re: Microsoft LDAP Channel Binding

> On Jan 22, 2020, at 4:21 PM, Michael Osipov <1983-01...@gmx.net> wrote: > > Am 2020-01-22 um 08:40 schrieb Weijun Wang: >> >> >>> On Dec 18, 2019, at 9:14 PM, Michael Osipov <1983-01...@gmx.net> wrote: >>> >>> ... >> >>> A few issues must be addressed first: >>> * Java's SASL GSSAPI mech

Re: Microsoft LDAP Channel Binding

Am 2020-01-22 um 08:40 schrieb Weijun Wang: On Dec 18, 2019, at 9:14 PM, Michael Osipov <1983-01...@gmx.net> wrote: ... A few issues must be addressed first: * Java's SASL GSSAPI mech has a bug which will make all default installations fail. I have reported this years ago and this must

Re: Microsoft LDAP Channel Binding

> On Dec 18, 2019, at 9:14 PM, Michael Osipov <1983-01...@gmx.net> wrote: > > ... > A few issues must be addressed first: > * Java's SASL GSSAPI mech has a bug which will make all default installations > fail. > I have reported this years ago and this must be immediately fixed [3]. > ... >

Re: Microsoft LDAP Channel Binding

M An: Bernd Eckenfels; security-dev@openjdk.java.net Betreff: Re: Microsoft LDAP Channel Binding Am 2019-12-18 um 04:29 schrieb Bernd Eckenfels: > Hello, > > Microsoft just released an Security Advisory, announcing that upcoming > Windows Server Versions will turn on mandatory TLS

Re: Microsoft LDAP Channel Binding

Here is a related bug https://bugs.openjdk.java.net/browse/JDK-8208301 for ADFS. Gruss Bernd -- http://bernd.eckenfels.net Von: Bernd Eckenfels Gesendet: Mittwoch, Dezember 18, 2019 4:29 AM An: security-dev@openjdk.java.net Betreff: Microsoft LDAP Channel Bindin

Re: Microsoft LDAP Channel Binding

-kerberos/pull/92 Gruss Bernd -- http://bernd.eckenfels.net Von: Michael Osipov <1983-01...@gmx.net> Gesendet: Mittwoch, Dezember 18, 2019 6:37 PM An: Bernd Eckenfels; security-dev@openjdk.java.net Betreff: Re: Microsoft LDAP Channel Binding Am 2019-12-18 um

Re: Microsoft LDAP Channel Binding

Am 2019-12-18 um 04:29 schrieb Bernd Eckenfels: Hello, Microsoft just released an Security Advisory, announcing that upcoming Windows Server Versions will turn on mandatory TLS Channel Binding (and turn off simple binds with mandatory SASL signing) on LDAP Servers. Another question here, typ

Re: Microsoft LDAP Channel Binding

This is a very important information and will affect a LOT of people. My entire authorization code uses Active Directory all the way. As far as I understand [1] and [2] you must either use TLS or SASL bind with GSSAPI mechanism. The SASL GSSAPI mech RFC 4752 strictly requires auth-int or auth-co