IZ64838: JGSS/KRB5 SHOULD IGNORE REMOTE CHANNEL BINDING INFO WHEN NOT REQUESTED AT LOCAL SIDE.
Closed as program error.
Envt: IBM JDK 150 on SOLARIS problem description: JGSS/krb5 should ignore remote channel binding info when not requested at local side (RFC 4121 184.108.40.206: the acceptor MAY ignore...). All major krb5 implementors implement this "MAY", and some applications depend on it as a workaround for not having a way to negotiate the use of channel binding -- the initiator application always uses CB and hopes the acceptor will ignore the CB if the acceptor doesn't support CB. Affected JVMs: All, JDK6.0, JDK1.5.0, JDK1.4.2 Other Notes: http://bugs.sun.com/view_bug.do?bug_id=6851973
Level 3 to update
SPNEGO SSO no longer works after Microsoft security update including Microsoft Security Advisory (973811) Customer reported this problem on following JAVA: Java version = J2RE 1.5.0 IBM J9 2.3 Windows 2000 x86-32 j9vmwi3223ifx-20080811 (JIT enabled) J9VM - 20080809_21892_lHdSMr JIT - 20080620_1845_r8 GC - 200806_19, Java Compiler = j9jit23, Java VM name = IBM J9 VM
ignore incoming channel binding if acceptor does not set one. Affected JVM 142, 50, 60 ibmjgssprovider.jar This fix will be in Java 142 sr13 fp4 The build date is 20091110. Hursley defect number is 159669. Java 150 SR 12 and 150 SR11 FP1 The build date is 20091202. Hursley defect number is 159669. Java 6.0 SR8 and Java 6.0 ifix, The build date is 20091202. Hursley defect number is 159669.
Reported component name
TIV JAVA GSS-AP
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
TIV JAVA GSS-AP
Fixed component ID
Applicable component levels
More support for:
Tivoli Components - Java Security
Software version: 100
Reference #: IZ64838
Modified date: 29 April 2010