Authentication Service, Privilege Elevation Service
Operating Systems
All
Service
Centrify Infrastructure Services
000026740
This article discusses the Security Advisory ADV190023 from Microsoft about LDAP channel binding and LDAP signing requirements for Windows and if those requirements will affect Centrify.
Question:
Does the Microsoft Security Advisory ADV190023 about enforcing LDAP Channel Binding and LDAP Signing for Windows affect Centrify?
Answer:
No, those requirements for LDAP Channel Binding and LDAP Signing from Microsoft will not affect Centrify.
1. LDAP channel binding (TLS/SSL) does not apply to adclient, it is using LDAP port (389), not LDAPS (636). Adclient LDAP connection to a Domain Controller is by GSSAPI (Kerberos). Traffic encryption is also by GSSAPI Privacy (This can be seen in a Network trace).
2. Adclient LDAP binding has always supported LDAP signing.
Additional Information: (3rd party links are provided as a courtesy and Centrify is not responsible for the availability or content in those links)