[38983] in Kerberos
Re: heimdal http proxy
daemon@ATHENA.MIT.EDU (Charles Hedrick)
Sat Sep 11 21:37:49 2021
From: Charles Hedrick <hedrick@rutgers.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date: Sun, 12 Sep 2021 01:35:18 +0000
Message-ID: <AB004455-E81F-4489-A962-084C11B102CC@rutgers.edu>
In-Reply-To: <202109112307.18BN78lP029243@hedwig.cmf.nrl.navy.mil>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
The hope is that the proxy will read requests and validate them. Thus passing through the proxy would be less dangerous that exposing port 88 directly. If that’s not true, we should consider the risks of making port 88 available, or give up.
> On Sep 11, 2021, at 7:07 PM, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
>
>>
>> Another use case is getting tickets for Mac users. We have a few users
>> that ssh into enough different hosts that they want to use kerberized
>> ssh. Unless we open port 88 to the outside, they have to install Mac
>> ports and use the MIT kinit.
>
> So they can't open port 88 to the outside, but port 88-via-80 is fine?
>
> --Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
