Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible --------------------------------------------------------------------------------------------- Key: ELY-1330 URL: https://issues.jboss.org/browse/ELY-1330 Project: WildFly Elytron Issue Type: Bug Reporter: Josef Cacek Assignee: Farah Juma Priority: Blocker Fix For: 1.1.0.CR6, 1.2.0.Beta1 Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case. Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible). This is a follow up to JBEAP-11396 and JBEAP-12231 which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.