MS IWA - extended protection - SSPI - channel binding
Jeffrey Altman
jaltman at secure-endpoints.com
Thu Aug 27 15:26:39 EDT 2009
Markus Moeller wrote:
> I am reading the MS article about IWA and extended protection
> http://msdn.microsoft.com/en-us/library/dd639324.aspx and wonder if this
> affects GSSAPI based applications like Apache with mod_auth_kerb ? Does
> this mean MS has added channel bindings to SSPI ?
>
> Unfortunately I don't have Windows 7 to test.
>
> Thank you
> Markus
You do not need Windows 7. The change was backported all the way to XP
SP2 and the update was pushed as critical two weeks ago.
When activated GSS-API over TLS will use channel bindings if the
application requests extended protection.
Jeffrey Altman
More information about the Kerberos
mailing list