>Here with Kerberos, I'm wondering how we can achieve something >equivalent, using a shared IP for multiple Kerberos realms and having >the incoming requests routed to the appropriate backend by some kind of >inspection.
I think that is certainly _possible_, but I don't believe there is anything that does that today. You'd have to parse the Kerberos message (which is ASN.1 and there are plenty of things that can handle that) and extract out the realm of the server principal and route the message appropriately. One thing that leaps out at me is that by default a lot of Kerberos messages default to UDP transport so that might be a bit trickier to proxy them (but not impossible). --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos