On 10/16/21 1:31 PM, Markus Moeller wrote:
I think you talk about a kdc proxy, which is for another case.
I don't think so. I'm not talking about using a proxy to access the KDC. I'm talking about using a component of the following scenario:1) Client uses traditional username and password to authenticate to an IMAP server. 2) IMAP server uses the provided credentials to request some sort of ticket (I don't remember what type) on the user's behalf. 3) IMAP server uses the ticket on the user's behalf to access the user's messages stored on an NFS server.
I'm suggesting that the proxy1 (from the other message) do something on the user's behalf to request a ticket for the user that proxy1 can then use to authenticate as the user to proxy2.
It's been quite a while since I've read about this so I may be completely wrong. But I distinctly remember there was a way to have an intermediate (e.g. IMAP) server accept username and password from clients and access a backend file server on the client's behalf in such a way that the backend server saw normal kerberized connections.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
