heimdal http proxy

Grant Taylor gtaylor at tnetconsulting.net
Sat Sep 11 22:46:41 EDT 2021


On 9/11/21 7:35 PM, Charles Hedrick wrote:
> The hope is that the proxy will read requests and validate them. Thus 
> passing through the proxy would be less dangerous that exposing port 
> 88 directly.  If that’s not true, we should consider the risks of 
> making port 88 available, or give up.

I would be quite surprised if you can find an HTTP(S) proxy that will 
scrutinize CONNECT traffic going to Kerberos related services.

The thing that the proxy probably can do is authorization checking of 
who is allowed to do the CONNECT to Kerberos.  E.g. authenticate to the 
proxy before issuing the CONNECT.  Somewhat analogous to a VPN.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20210911/07667e37/attachment.bin


More information about the Kerberos mailing list