[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

This package fixes the bug for me, thank you very much :) Tested version: libsasl2-modules:amd642.1.27+dfsg2-3ubuntu1.1 libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules-gssapi-mit:amd64 2.1.27+dfsg2-3ub

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

Might have been confusing to write # kinit $ export LDAPSASL_CBINDING=tls-endpoint Both are supposed to be called from the same user. I meant to imply that an existing, valid ticket in the current user's credential cache is required for krb5 authentication via SASL in the ldapwhoami step. -- Yo

[Touch-packages] [Bug 1912256] [NEW] Missing channel binding prevents authentication to ActiveDirectory

Public bug reported: > Are you uncertain if your issue is really a bug? Effect is an authentication error. Root case is a "missing feature" (see below) and requires updating dependencies, downporting. > If you are certain this is a bug please include the source package the bug is > in. It's in

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

I should maybe add the following detail: Channel binding, from all I can tell, is only available via TLS (even conceptually). That is, the issue mentioned in the bug report only happens when using ldaps. In certain cases, it is therefore possible to work around the lack of channel binding by _not