[jboss-jira] [JBoss JIRA] (ELY-1330) Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
Josef Cacek (JIRA)
issues at jboss.org
Thu Aug 10 09:24:00 EDT 2017
Josef Cacek created ELY-1330:
--------------------------------
Summary: Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
Key: ELY-1330
URL: https://issues.jboss.org/browse/ELY-1330
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Blocker
Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case.
Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).
This is a follow up to JBEAP-11396 and JBEAP-12231 which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list