[38978] in Kerberos
Re: heimdal http proxy
daemon@ATHENA.MIT.EDU (Charles Hedrick)
Sat Sep 11 18:05:51 2021
From: Charles Hedrick <hedrick@rutgers.edu>
To: "Roland C. Dowdeswell" <elric@imrryr.org>
Date: Sat, 11 Sep 2021 22:03:09 +0000
Message-ID: <1515B331-E0D3-466C-B510-70FB2A98F29D@rutgers.edu>
In-Reply-To: <YT0N3mta3Vyh/5QB@arioch>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
At home I’m outside our firewall. We have an https proxy that works fine for MIT implementations, but not heimdal. Heimdal has an http proxy configuration available in krb5.conf, but that’s useless without an actual proxy server. I’m looking for an implementation of the proxy. I also don’t see any example of the format needed to define the proxy in krb5.conf.
An alternative is to open port 88 from the outside. I’m not sure how risky that actually is. The Kdc is a pretty mature piece of software.
> On Sep 11, 2021, at 4:13 PM, Roland C. Dowdeswell <elric@imrryr.org> wrote:
>
> On Sat, Sep 11, 2021 at 03:22:26PM +0000, Charles Hedrick wrote:
>>
>
>> I’d like to be able to use Kerberos SPNEGO at home. Unfortunately
>> the Mac uses Heimdal.
>>
>> We don’t currently explore our Kerberos servers to the Internet,
>> but we do have an https proxy for MIT kerberos. Heimal apparently has
>> its own HTTP proxy. Does anyone know of software to implement the proxy?
>
> Heimdal does support SPNEGO. Can you be more specific about what you
> are trying that is not working?
>
> Thanks,
>
> --
> Roland C. Dowdeswell https://Imrryr.ORG/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
