[2360] in Kerberos_V5_Development

Re: kerberos through the firewall

daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Sun Apr 20 18:50:37 1997

To: Mark Eichin <eichin@MIT.EDU>
Cc: Ken Raeburn <raeburn@cygnus.com>, krbdev@MIT.EDU
In-Reply-To: Your message of "19 Apr 1997 15:57:37 -0400 ."
             <xe1ybaeaiq6.fsf@maneki-neko.cygnus.com> 
Date: Sun, 20 Apr 1997 18:50:13 -0400
From: Bill Sommerfeld <sommerfeld@orchard.east-arlington.ma.us>

I think the datapoint that is missing is that the particular case
they're talking about is going outbound through a firewall to a KDC
*outside* the firewall..  consider the specific case of a company
giving accounts in its realm to its customers so they can authenticate
to services it runs, and many of the customers live behind firewalls
which allow outbound HTTP but not other services..

I still think the proposal's an ugly kludge which should not see the
light of day, but I haven't had a chance to write up the better
counterproposal which is sitting in my head..

					- Bill

