IAKERB

Fri Nov 20 03:53:30 EST 2009

On 20/11/2009, at 2:15 AM, Henry B. Hotz wrote:

>
> On Nov 18, 2009, at 9:03 AM, krbdev-request at mit.edu wrote:
>
>> I'm pleased to announce an IAKERB implementation for MIT Kerberos:
>>
>> 	http://k5wiki.kerberos.org/wiki/Projects/IAKERB
>>
>> IAKERB allows clients that cannot reach a KDC to proxy credentials
>> acquisition via a GSS exchange with a service. This should reduce the
>> dependence on protocols such as NTLM and Digest outside the firewall.
>
> I applaud the availability of a solution.  I bemoan the widespread,  
> naive use of firewalls that creates the problem in the first place.   
> *sigh*

It sounds like it will be too late for 1.8, unfortunately, but I'd  
love to hear from anyone that has an opportunity to test it.

The gss-sample application has been updated; you can test it with the - 
iakerb and -user/-pass options to gss-client.

-- Luke