heimdal http proxy

Grant Taylor gtaylor at tnetconsulting.net
Wed Sep 29 15:41:31 EDT 2021


On 9/28/21 2:31 PM, Charles Hedrick wrote:
> If all the proxy is doing is forwarding content, it might work. But 
> in that case it's not obvious how much security we're gaining 
> by the proxy. It may be that just enabling access directly to port 
> 88 would be as good. (I control the network, mostly.) Any sense how 
> risky it is to expose port 88 to the internet?

I was assuming that the proxy would have its own authentication 
requirements.  Thus the proxy would act somewhat like a bouncer in front 
of the KDC.

Somewhat like putting the KDC behind a VPN or SPI w/ port knocking.  -- 
Allow people that have some modicum of knowledge access to the KDC while 
preventing any Joe Random on the Internet from accessing the KDC.



-- 
Grant. . . .
unix || die
