Current semantics for channel-bindings in GSSAPI

Isaac Boukris iboukris at
Sat Mar 21 06:45:49 EDT 2020

On Fri, Mar 20, 2020 at 10:19 PM Isaac Boukris <iboukris at> wrote:
> BTW, it looks like both Heimdal/MIT do not handle the bindings in the
> DCE style case, so we'd just not return channel-bound in that case.

Actually, that seems wrong. I think the bindings are checked in the
first leg of authentication, so perhaps we should keep the
channel-bound flag on the context and return it by the end (although
i'm not sure an outer channel is relevant).

More information about the krbdev mailing list