Proxy for Kerberos?

Derek Atkins warlord at MIT.EDU
Tue Jul 25 01:42:54 EDT 2006

Quoting Jiva DeVoe <jiva at>:

> Tell me if this is inherently wrong-thinking...
> I want to access a kerberos server that is behind a firewall without
> exposing the kerberos port to the internet.  So I want to proxy it
> through a tunnel.  I am guessing that Kerberos may have some sort of
> built-in preventative measures within itself to prevent spoofing or
> something like that which would cause this not to work.  Is this
> true?   If not, is there any reason this wouldn't work?

Why don't you want to expose the kerberos port to the internet at large?
Kerberos is a security service.  It's MEANT to be on the internet at


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list