Thank you, Christian.
As discussed with Andreas, I've added a cyrus-sasl2 task to this bug and
assigned him to it. This bug is probably going to involve modifications
on cyrus-sasl2 only; after channel binding has been implemented there,
we should be able to enable it in openldap by just rebuildi
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openldap (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912256
Title:
M
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: cyrus-sasl2 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912256
Title:
** Also affects: cyrus-sasl2 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: cyrus-sasl2 (Ubuntu)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
** Changed in: cyrus-sasl2 (Ubuntu)
Assignee: Sergio Durigan Junior (sergiodj) => Andreas Hasenack (ahasenack)
Hi,
I'm revisiting bugs that have been dormant for too long trying to retriage them.
In this case the current situation to me looks like:
- openldap change 3cd50fa having landed in v2.5.8 and later
- cyrus-sasl change 975edbb6 still isn't in any release AFAICS
- that is odd as https://github.com
I should maybe add the following detail:
Channel binding, from all I can tell, is only available via TLS (even
conceptually). That is, the issue mentioned in the bug report only
happens when using ldaps.
In certain cases, it is therefore possible to work around the lack of
channel binding by _not
Thanks for taking the time to file this bug and try to make Ubuntu
better.
I subscribed ubuntu-server and Sergio who has been working on this stack
recently to investigate what you described.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
Might have been confusing to write
# kinit
$ export LDAPSASL_CBINDING=tls-endpoint
Both are supposed to be called from the same user. I meant to imply that
an existing, valid ticket in the current user's credential cache is
required for krb5 authentication via SASL in the ldapwhoami step.
--
Yo
