
Re: Looking for a "Kerberos Router"?

From Ken Hornstein <kenh@cmf.nrl.navy.mil>
Newsgroups comp.protocols.kerberos
Subject Re: Looking for a "Kerberos Router"?
Date 2024-03-13 10:52 -0400
Organization TNet Consulting
Message-ID <mailman.45.1710341556.2322.kerberos@mit.edu>
References <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com> <202403131416.42DEGRub016309@hedwig.cmf.nrl.navy.mil> <581276BD-9D29-4D8C-A23E-8613493E378B@gmail.com> <202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>



>> One thing that leaps out at me is that by default a lot of Kerberos
>> messages default to UDP transport so that might be a bit trickier to
>> proxy them (but not impossible).
>
>Yes, that's another aspect of the issue, our expectations so far are on
>support for TCP only clients. Since it's for mobile users that we are
>looking to have this support, it shouldn't be an issue.

I would caution you that I think that is something you're going to have
to grapple with much sooner than you think.

A long time ago we had developed a small Kerberos proxy that forwarded
on Kerberos messages by prepending the source IP address/port to the
UDP message (our KDC at the time was modified to recognize this
and sent the prepended bytes back to the proxy so it could send it to
the correct originator).

--Ken
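
The framing described in the message above, as an added example that is not part of the original post and is not the code of the proxy or KDC it mentions. The 6-byte prefix layout, the function names, the trusted-proxy check and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed layout (the post gives none): 4-byte IPv4 address + 2-byte port,
# network byte order, followed by the unmodified Kerberos message.
PREFIX = struct.Struct("!4sH")

def wrap_for_kdc(client_addr, krb_msg):
    """Proxy: tag a client's UDP payload with its source before forwarding."""
    ip, port = client_addr
    return PREFIX.pack(ipaddress.IPv4Address(ip).packed, port) + krb_msg

def unwrap(datagram):
    """Split a tagged datagram into ((ip, port), message)."""
    if len(datagram) <= PREFIX.size:
        raise ValueError("too short to hold prefix and message")
    raw_ip, port = PREFIX.unpack_from(datagram)
    return (str(ipaddress.IPv4Address(raw_ip)), port), datagram[PREFIX.size:]

def kdc_reply(sender_ip, tagged_request, handle, trusted_proxies):
    """Modified KDC: answer the request and echo the prefix back unchanged.

    The sender check is an assumption added here: a prefix asserts the
    client's address, so only known proxies should be allowed to supply one.
    """
    if sender_ip not in trusted_proxies:
        raise PermissionError("prefixed request from unknown sender")
    client, request = unwrap(tagged_request)
    return tagged_request[:PREFIX.size] + handle(client, request)

def round_trip(client_addr, krb_msg, handle, proxy_ip="192.0.2.10"):
    """Run client -> proxy -> KDC -> proxy and return (destination, reply)."""
    tagged = wrap_for_kdc(client_addr, krb_msg)
    tagged_reply = kdc_reply(proxy_ip, tagged, handle, {proxy_ip})
    # The proxy keeps no per-client state: the echoed prefix says where to send.
    return unwrap(tagged_reply)

if __name__ == "__main__":
    # Constructed sample: documentation-range address, placeholder payload.
    fake_kdc = lambda client, req: b"REPLY-TO:" + req
    print(round_trip(("198.51.100.7", 40123), b"AS-REQ-BYTES", fake_kdc))
```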
