heimdal http proxy

Charles Hedrick hedrick at cs.rutgers.edu
Tue Sep 28 16:31:54 EDT 2021


If all the proxy is doing is forwarding content, it might work. But in that case it’s not obvious how much security we’re gaining by the proxy. It may be that just enabling access directly to port 88 would be as good. (I control the network, mostly.) Any sense how risky it is to expose port 88 to the internet?

> On Sep 12, 2021, at 12:53 PM, Grant Taylor <gtaylor at tnetconsulting.net> wrote:
> 
> On 9/12/21 5:49 AM, Jeffrey Altman wrote:
>> The answer is "yes", but someone would need to develop the implementation and submit a pull request.
> 
> Here's a silly thought.
> 
> What about using something like socat to listen on local port 88 and have it use the upstream proxy via CONNECT requests (possibly with authentication) to reach the internal KDC, thus making the socat duck quack as if it's the KDC.
> 
> It's a bit of a hack.  But would it suffice for limited use?
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos



