Re: Microsoft LDAP Channel Binding

2019-12-18 Thread Michael Osipov
This is very important information and will affect a LOT of people. My entire authorization code uses Active Directory all the way. As far as I understand [1] and [2], you must either use TLS or SASL bind with GSSAPI mechanism. The SASL GSSAPI mech RFC 4752 strictly requires auth-int or auth-co

Re: Microsoft LDAP Channel Binding

2019-12-18 Thread Michael Osipov
On 2019-12-18 at 04:29, Bernd Eckenfels wrote: Hello, Microsoft just released a Security Advisory, announcing that upcoming Windows Server Versions will turn on mandatory TLS Channel Binding (and turn off simple binds with mandatory SASL signing) on LDAP Servers. Another question here, typ

Missing space in /jdk13/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java DEBUG output

2019-12-18 Thread Brian Dyson
In KeyTab.java, if DEBUG is true, then System.out is written to. In the readServiceKeys method (at about line 303), there is the following code: System.out.println("Added key: " + entry.keyType + "version: " + entry.keyVersion); However, the string "version: " is missing a leading space, so

RE: RFR(S): 8220348: [ntintel] asserts about copying unalinged array

2019-12-18 Thread Doerr, Martin
Hi Christoph, that would work, but I don’t want to pollute this file with compiler specific defines. In addition, I don’t like introducing a macro which works on some platforms and does nothing on other ones (which is the case for hotspot’s ATTRIBUTE_ALIGNED). Because Windows 32 bit is the onl

Re: [8u] RFR: 8233223: Add Amazon Root CA certificates

2019-12-18 Thread Volker Simonis
Hi Severin, not strictly an 8u "Reviewer" yet, but I've looked at your changes (this one and 8232019) nevertheless :) They both look good, except that I cannot verify the new "cacert" file because it is not in the patch (because it is binary). Not sure if it is necessary to upload the whole file

Re: Microsoft LDAP Channel Binding

2019-12-18 Thread Bernd Eckenfels
Hello, As I understand it, it is about the Extended Protection for Integrated Windows Authentication (probably only GSSAPI/Kerberos and GSS-SPNEGO/SSPCred which is not an OpenJDK mechanism). In this case it includes Channel binding tokens into the subject information. CBT are not per se TLS sp

Re: Microsoft LDAP Channel Binding

2019-12-18 Thread Bernd Eckenfels
Here is a related bug https://bugs.openjdk.java.net/browse/JDK-8208301 for ADFS. Regards, Bernd -- http://bernd.eckenfels.net From: Bernd Eckenfels Sent: Wednesday, December 18, 2019 4:29 AM To: security-dev@openjdk.java.net Subject: Microsoft LDAP Channel Bindin