> On 13. Mar 2024, at 12:48, Yoann Gini <yoann.g...@gmail.com> wrote: > > Which allow us to have end to end TLS communication between our customers and > their tenant. Which is mandatory for our mTLS. But without consuming one > public IP per tenant to keep cost under control. > > Here with Kerberos, I'm wondering how we can achieve something equivalent, > using a shared IP for multiple Kerberos realms and having the incoming > requests routed to the appropriate backend by some kind of inspection.
Set it up with a publicly routable IPv6 network, with one IP per tenant. You’re not going to run out of a /64 anytime soon, so the cost should stay constant. -Marco ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos