Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5273
| From | Marco Rebhan <me@dblsaiko.net> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: Looking for a "Kerberos Router"? |
| Date | 2024-03-13 15:44 +0100 |
| Organization | TNet Consulting |
| Message-ID | <mailman.44.1710341106.2322.kerberos@mit.edu> (permalink) |
| References | <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com> <F2C79001-B1E0-4D8F-91BC-FC8260003282@dblsaiko.net> |
> On 13. Mar 2024, at 12:48, Yoann Gini <yoann.gini@gmail.com> wrote: > > Which allow us to have end to end TLS communication between our customers and their tenant. Which is mandatory for our mTLS. But without consuming one public IP per tenant to keep cost under control. > > Here with Kerberos, I'm wondering how we can achieve something equivalent, using a shared IP for multiple Kerberos realms and having the incoming requests routed to the appropriate backend by some kind of inspection. Set it up with a publicly routable IPv6 network, with one IP per tenant. You’re not going to run out of a /64 anytime soon, so the cost should stay constant. -Marco
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: Looking for a "Kerberos Router"? Marco Rebhan <me@dblsaiko.net> - 2024-03-13 15:44 +0100
csiph-web