[30461] in Kerberos


Re: Kerberos protocol transition for linux?

daemon@ATHENA.MIT.EDU (S2)
Wed Nov 19 12:58:19 2008

Date: Wed, 19 Nov 2008 17:45:35 +0100
From: S2 <some.r@ndom.mail.invalid>
In-Reply-To: <mailman.1.1227110900.25688.kerberos@mit.edu>
Message-ID: <492442fa$0$1081$4fafbaef@reader2.news.tin.it>
To: kerberos@mit.edu

Michael B Allen wrote:
> If you have PHP see the link in my sig about Plexcel. It certainly
> could do what you describe.

The back end services are a mix of Java, .NET, PHP and Rails apps (on
Windows and on Linux servers), so the proxy should be language
independent and not require a module on the application server side.
I am not sure I understood from the PDF how Plexcel works.
All application servers can already speak SPNEGO, so that should be used
to forward the Kerberos credentials over HTTP (I did read SPNEGO on that
page, but I am not sure how it is used).
So what we would like to do is (fixed font required):

    O
   \|/          +-------------+         +-------------------+
    |  -------> | Magic proxy | ------> | Protected Service |
   / \   HTTP   +-------------+ SPNEGO  +-------------------+
  User                ^
from the              |
Internet              |
                      v
                   +-----+
                   | KDC |
                   +-----+

Do you think Plexcel could be the "Magic Proxy" Box?


> PS: The '.invalid' address in your email actually stops gmail from
> sending directly to you. You might want to try a valid TLD.

That email account is not valid anyway.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
