| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Message-ID: <4BD07475.8040600@kickflop.net> Date: Thu, 22 Apr 2010 12:08:21 -0400 From: Jeff Blaine <jblaine@kickflop.net> MIME-Version: 1.0 To: Luke Howard <lukeh@padl.com> In-Reply-To: <7379EEF7-3359-47F5-8596-D4C2BEF1AEE6@padl.com> Cc: "krbdev@mit.edu" <krbdev@mit.edu> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: krbdev-bounces@mit.edu On 4/22/2010 2:45 AM, Luke Howard wrote: > On 22/04/2010, at 2:32 AM, Jeff Blaine wrote: >>>> * Is the client's IP address available in a preauth plugin? >>> >>> It doesn't look like it. >> >> My KDC preauth plugin wants to connect back to a service on >> the client host. >> >> So I guess I'm screwed as far as making this a KDC-side-only >> plugin? > > How about tunnelling the data in the KDC reply and having > the client send to the client-side service? Hi Luke, The goal is to make this KDC-only code and not require anything new from clients Kerberos-wise (see "screwed" comment above :)) If there's no way to get the client IP address from within a KDC-side preauth plugin (which would really be a bummer), the whole logic will change to a 'standard' model of preauth where the client will need to present the data in its reply (after querying the client-side service in question). _______________________________________________ krbdev mailing list krbdev@mit.edu https://mailman.mit.edu/mailman/listinfo/krbdev
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |