Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1330

Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 1.1.0.CR6, 1.2.0.Beta1
    • None
    • None
    • None

    Description

      Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case.

      Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).

      This is a follow up to JBEAP-11396 and JBEAP-12231 which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12689 Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              fjuma1@redhat.com Farah Juma
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: