Looking for a "Kerberos Router"?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Mar 13 11:07:25 EDT 2024
>> A long time ago we had developed a small Kerberos proxy that forwarded
>> on Kerberos messages by prepending the source IP address/port to the
>> UDP message (our KDC at the time was modified to recognize this and
>> sent the prepended bytes back to the proxy so it could send it to the
>> correct originator).
>
>OK, did you had to support iOS and macOS endpoint on that context?
>(we are looking for Kerberos support for them, to use with Apple SSO
>Kerberos features)
This WAY predated iOS! (the proxy was for the Kerberos 4 protocol) But
I can say with certainty that the MacOS X Kerberos libraries (based on
Heimdal) will default to UDP in many cases. And on MacOS X you can run
into a case where you might be using a different Kerberos implementation
than the operating system libraries.
--Ken
More information about the Kerberos
mailing list