On 9/11/21 7:35 PM, Charles Hedrick wrote:
The hope is that the proxy will read requests and validate them. Thus passing through the proxy would be less dangerous that exposing port 88 directly. If that’s not true, we should consider the risks of making port 88 available, or give up.
I would be quite surprised if you can find an HTTP(S) proxy that will scrutinize CONNECT traffic going to Kerberos related services.
The thing that the proxy probably can do is authorization checking of who is allowed to do the CONNECT to Kerberos. E.g. authenticate to the proxy before issuing the CONNECT. Somewhat analogous to a VPN.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
