We are using requests-gssapi in cepces for Certificate Auto Enrollment. cepces stopped working against Windows Server 2025 because we do not have support for channel binding aka Extended Protection for Authentication. This is required by default now: https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
We moved from requests-kerberos to requests-gssapi some time ago. But looking at the changelog of requests-kerberos it got support for channel binding. Could you please implement it for requests-gssapi too?
Thanks
We are using requests-gssapi in cepces for Certificate Auto Enrollment. cepces stopped working against Windows Server 2025 because we do not have support for channel binding aka Extended Protection for Authentication. This is required by default now: https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
We moved from requests-kerberos to requests-gssapi some time ago. But looking at the changelog of requests-kerberos it got support for channel binding. Could you please implement it for requests-gssapi too?
Thanks