ssh tunnel between two KDCs
Mauricio Tavares
raubvogel at gmail.com
Sun Dec 4 09:40:21 EST 2011
Let's say I have two KDCs, the primary/master and the slave (cannot edit
database, password changing included), where the master is behind a firewall
with NAT and the slave is on the external side. And I am storing the
principals database in LDAP. Now, I would like to synchronize between
master and slave. Now usually that would mean redirecting ports 88 and
389 (doing TLS) and tricking the slave by creating an entry in
/etc/hosts for the primary KDC.

Now, let's say I want to do the replication but using an ssh tunnel that
is created at the primary KDC and goes straight to the secondary KDC. At
first glance that sounds like a recipe for disaster, but is it doable?