Kerberos use with a transparent security device

Ian Puleston ian at underpressuredivers.com
Fri May 19 14:39:53 EDT 2006


Hi,

I have a question as to whether Kerberos can be used to authenticate to a
transparent network device such as a security appliance or firewall. Say you
want the device to authenticate traffic as originating from a signed-on user
before letting it pass, but the presence of the device is transparent to the
users.

My understanding, from reading the Kerberos standards, is that the
Client/Server authentication exchange begins with a KRB_AP_REQ from the
client, which means that the client must know of the presence of the server.
Indeed there must be some mechanism whereby the client knows to initiate the
exchange and send the KRB_AP_REQ. But in the scenario that I have described
above, where the "server" is a transparent device on the network, that would
not be the case.

So, is there any way that Kerberos can be used to authenticate a client to
such a transparent device?

Ian






