heimdal http proxy
Grant Taylor
gtaylor at tnetconsulting.net
Wed Sep 29 15:41:31 EDT 2021
On 9/28/21 2:31 PM, Charles Hedrick wrote:
> If all the proxy is doing is forwarding content, it might work. But
> in that case it’s not obvious how much security we’re gaining
> by the proxy. It may be that just enabling access directly to port
> 88 would be as good. (I control the network, mostly.) Any sense how
> risky it is to expose port 88 to the internet?
I was assuming that the proxy would have it's own authentication
requirements. Thus the proxy would act somewhat like a bouncer in front
of the KDC.
Somewhat like putting the KDC behind a VPN or SPI w/ port knocking. --
Allow people that have some modicum of knowledge access to the KDC while
preventing any Joe Random on the Internet from accessing the KDC.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20210929/d45cbb10/attachment.bin
More information about the Kerberos
mailing list