[39375] in Kerberos
Re: Looking for a "Kerberos Router"?
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Wed Mar 13 11:07:35 2024
Message-Id: <202403131507.42DF7PwP016768@hedwig.cmf.nrl.navy.mil>
To: Yoann Gini <yoann.gini@gmail.com>
cc: kerberos@mit.edu
In-Reply-To: <4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
MIME-Version: 1.0
Date: Wed, 13 Mar 2024 11:07:25 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>> A long time ago we had developed a small Kerberos proxy that forwarded
>> on Kerberos messages by prepending the source IP address/port to the
>> UDP message (our KDC at the time was modified to recognize this and
>> sent the prepended bytes back to the proxy so it could send it to the
>> correct originator).
>
>OK, did you had to support iOS and macOS endpoint on that context?
>(we are looking for Kerberos support for them, to use with Apple SSO
>Kerberos features)
This WAY predated iOS! (the proxy was for the Kerberos 4 protocol) But
I can say with certainty that the MacOS X Kerberos libraries (based on
Heimdal) will default to UDP in many cases. And on MacOS X you can run
into a case where you might be using a different Kerberos implementation
than the operating system libraries.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
