[4273] in Kerberos
Kerberos and Firewalls
daemon@ATHENA.MIT.EDU (Doug Rosenthal)
Fri Dec 2 10:21:32 1994
To: kerberos@MIT.EDU
Date: Fri, 2 Dec 1994 15:00:57 GMT
From: rosenthl@krypton.mcc.com (Doug Rosenthal)

Does anyone know of any existing work on how to handle the
Kerberos protocol across firewalls? I'm referring to dual-ported
bastion hosts running application gateways, as opposed to filtering
routers (which aren't a problem). E.g., the client is behind a
firewall, and/or the server is behind a firewall, and/or the KDC is
outside the firewall.

A lot of issues arise in these scenarios, including failure of the
connection/ticket client-address check (on the server-side) due to the
dual-ported nature of the firewall, and needing a Kerberos protocol
gateway if the KDC is not inside the firewall.
--
Doug Rosenthal
MCC EINet | Email: rosenthal@mcc.com
3500 W. Balcones Center Dr. | Voice: 512-338-3515
Austin, TX USA 78759 | Fax: 512-338-3897
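
Added example (not part of the original post): a small Python model of the server-side client-address check the message mentions, for the case where the client sits behind a dual-homed application gateway and the server is outside. The addresses, the principal name, and the Ticket/Gateway classes are constructed for illustration; the model assumes a ticket carries a list of client addresses and that an empty list means no address binding.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:
    client: str          # principal name (constructed)
    caddr: tuple = ()    # addresses the ticket is bound to; empty = no binding

@dataclass(frozen=True)
class Gateway:
    inside: str          # interface facing the protected network
    outside: str         # interface facing the outside network

def peer_seen_by_server(client_addr, gateways=()):
    """Source address of the connection as it arrives at the server.

    Each application gateway terminates the client's connection and opens a
    new one from its outside interface, replacing the original source.
    """
    addr = client_addr
    for gw in gateways:
        addr = gw.outside
    return addr

def address_check(ticket, peer_addr):
    """Server-side check: the peer must be one of the ticket's addresses."""
    if not ticket.caddr:
        return True  # nothing to compare against
    peer = ipaddress.ip_address(peer_addr)
    return any(peer == ipaddress.ip_address(a) for a in ticket.caddr)

def run_scenarios():
    client_addr = "10.1.1.5"                                   # constructed
    bastion = Gateway(inside="10.1.1.1", outside="192.0.2.1")  # constructed
    bound = Ticket("alice@EXAMPLE.ORG", (client_addr,))
    both = Ticket("alice@EXAMPLE.ORG", (client_addr, bastion.outside))
    unbound = Ticket("alice@EXAMPLE.ORG")
    via_gw = peer_seen_by_server(client_addr, [bastion])
    return {
        "direct, bound to client": address_check(bound, client_addr),
        "via gateway, bound to client": address_check(bound, via_gw),
        "via gateway, bound to client + gateway": address_check(both, via_gw),
        "via gateway, no address binding": address_check(unbound, via_gw),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:42s} {'accept' if ok else 'REJECT (address mismatch)'}")
```

The last two scenarios pass only because the address binding is widened or dropped, so the ticket is no longer tied to the client's own host.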