[jboss-jira] [JBoss JIRA] (ELY-1330) Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
Darran Lofthouse (JIRA)
issues at jboss.org
Wed Aug 16 12:26:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated ELY-1330:
----------------------------------
Fix Version/s: 1.2.0.Beta1
> Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible
> ---------------------------------------------------------------------------------------------
>
> Key: ELY-1330
> URL: https://issues.jboss.org/browse/ELY-1330
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Farah Juma
> Priority: Blocker
> Fix For: 1.1.0.CR6, 1.2.0.Beta1
>
>
> Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case.
> Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).
> This is a follow up to JBEAP-11396 and JBEAP-12231 which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list