[jboss-jira] [JBoss JIRA] (ELY-1330) Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
Farah Juma (JIRA)
issues at jboss.org
Tue Aug 15 18:15:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma reassigned ELY-1330:
-------------------------------
Assignee: Farah Juma (was: Darran Lofthouse)
> Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
> ---------------------------------------------------------------------------------------------
>
> Key: ELY-1330
> URL: https://issues.jboss.org/browse/ELY-1330
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Farah Juma
> Priority: Blocker
>
> Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case.
> Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).
> This is a follow up to JBEAP-11396 and JBEAP-12231 which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list