lukeh at padl.com
Fri Nov 20 03:53:30 EST 2009
On 20/11/2009, at 2:15 AM, Henry B. Hotz wrote:
> On Nov 18, 2009, at 9:03 AM, krbdev-request at mit.edu wrote:
>> I'm pleased to announce an IAKERB implementation for MIT Kerberos:
>> IAKERB allows clients that cannot reach a KDC to proxy credentials
>> acquisition via a GSS exchange with a service. This should reduce the
>> dependence on protocols such as NTLM and Digest outside the firewall.
> I applaud the availability of a solution. I bemoan the widespread,
> naive use of firewalls that creates the problem in the first place.
It sounds like it will be too late for 1.8, unfortunately, but I'd
love to hear from anyone that has an opportunity to test it.
The gss-sample application has been updated; you can test it with the -
iakerb and -user/-pass options to gss-client.
More information about the krbdev