Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5407
| From | "Greg Hudson" <ghudson@mit.edu> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: IAKERB Starter Credentials Solution |
| Date | 2025-04-27 01:48 -0400 |
| Organization | TNet Consulting |
| Message-ID | <mailman.190.1745732919.2322.kerberos@mit.edu> (permalink) |
| References | <CAGMFw4jy=ceiETpLu9Aa1W0TYnjHedW3DMx7fss4XFrD-HzN=w@mail.gmail.com> <fa4f4827-2be9-442f-b1d6-47bc871aa4fa@mit.edu> |
On 4/26/25 10:39, Michael B Allen wrote:
> Another method would be to modify kinit to optionally authenticate with an
> IAKERB-aware service and cache the resulting TGT in the usual way.
>
> More specifically, add an option to krb5.conf like:
>
> [libdefaults]
> iakerb_idp = https://idp1.mega.corp/do/iakerb
If the goal is simply to tunnel an AS/TGS exchange over https using a
web server set up for that purpose, I think MS-KKDCP is a more natural
fit than IAKERB. See:
https://web.mit.edu/kerberos/krb5-latest/doc/admin/https.html
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: IAKERB Starter Credentials Solution "Greg Hudson" <ghudson@mit.edu> - 2025-04-27 01:48 -0400
csiph-web