[39374] in Kerberos
Re: Looking for a "Kerberos Router"?
daemon@ATHENA.MIT.EDU (Yoann Gini)
Wed Mar 13 10:55:52 2024
From: Yoann Gini <yoann.gini@gmail.com>
Message-Id: <4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Wed, 13 Mar 2024 15:54:28 +0100
In-Reply-To: <202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
> Le 13 mars 2024 à 15:52, Ken Hornstein <kenh@cmf.nrl.navy.mil> a écrit :
>
>>> One thing that leaps out at me is that by default a lot of Kerberos
>>> messages default to UDP transport so that might be a bit trickier to
>>> proxy them (but not impossible).
>>
>> Yes, that's another aspect of the issue, our expectations so far are on
>> support for TCP only clients. Since it's for mobile users that we are
>> looking to have this support, it shouldn't be an issue.
>
> I would caution you that I think that is something you're going to have
> to grapple with much sooner than you think.
>
> A long time ago we had developed a small Kerberos proxy that forwarded
> on Kerberos messages by prepending the source IP address/port to the
> UDP message (our KDC at the time was modified to recognize this
> and sent the prepended bytes back to the proxy so it could send it to
> the correct originator).
OK, did you had to support iOS and macOS endpoint on that context? (we are looking for Kerberos support for them, to use with Apple SSO Kerberos features)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
