[38287] in Kerberos
Re: Kerberos and Apache reverse proxy
daemon@ATHENA.MIT.EDU (Dmitri Pal)
Sat Jul 14 20:02:22 2018
MIME-Version: 1.0
In-Reply-To: <8336wmf5u8.fsf@jochen.org>
From: Dmitri Pal <dpal@redhat.com>
Date: Sat, 14 Jul 2018 19:14:18 -0400
Message-ID: <CAOPuEqUrx+jS+iqhtnVDOxMy057rse0DhEN-0MGx7snwH=L_zg@mail.gmail.com>
To: Jochen Hein <jochen@jochen.org>
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Sat, Jul 14, 2018 at 6:51 AM, Jochen Hein <jochen@jochen.org> wrote:
> Dmitri Pal <dpal@redhat.com> writes:
>
> > Some hints on how to deal with proxy if you want Kerberos to work can be
> > found here.
> > https://ssimo.org/blog/id_019.html
> > I am not sure whether they are applicable to your situation or not.
>
> Thanks for the hint.
>
> > What you can do is try KDC proxy instead of the reverse proxy.
> > https://github.com/latchset/kdcproxy/blob/master/README
>
> That's for getting a kerberos ticket from you KDC via HTTP instead of
> port 88. I guess it wouldn't help here.
>
It depends how tickets are acquired and where the firewalls are.
>
> Jochen
>
> --
> This space is intentionally left blank.
>
--
Thank you,
Dmitri Pal
Engineering Director, Identity Management and Platform Security
Red Hat, Inc.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
