I’d like to be able to use Kerberos SPNEGO at home. Unfortunately the Mac uses
Heimdal.
We don’t currently explore our Kerberos servers to the Internet, but we do have
an https proxy for MIT kerberos. Heimal apparently has its own HTTP proxy. Does
anyone know of software to implement the proxy
Hello Charles,
> I???d like to be able to use Kerberos SPNEGO at home. Unfortunately the Mac
> uses Heimdal.
SPNEGO has really a low security level. I am surprised this is considered
acceptable for a https proxy.
We are working on two better solutions, with software that classifies only
littl
On Sat, Sep 11, 2021 at 03:22:26PM +, Charles Hedrick wrote:
>
> I’d like to be able to use Kerberos SPNEGO at home. Unfortunately
> the Mac uses Heimdal.
>
> We don’t currently explore our Kerberos servers to the Internet,
> but we do have an https proxy for MIT kerberos. Heimal apparently h
At home I’m outside our firewall. We have an https proxy that works fine for
MIT implementations, but not heimdal. Heimdal has an http proxy configuration
available in krb5.conf, but that’s useless without an actual proxy server. I’m
looking for an implementation of the proxy. I also don’t see a
My use case is a few web applications. Linux user group management, editing our
wiki, and responding to help desk tickets. Generic web apps that I would like
to use at home. We support CAS, but our university CAS server has disabled SSO.
Since I already have a Kerberos ticket to use ssh, it woul
Another use case is getting tickets for Mac users. We have a few users that ssh
into enough different hosts that they want to use kerberized ssh. Unless we
open port 88 to the outside, they have to install Mac ports and use the MIT
kinit. While it seems simple to me, it’s not for real users. If
Implementing Squid Proxy Server on Ubuntu should work out for you. I found
a Google article on it.
Sent from my iPhone
> On Sep 11, 2021, at 2:24 PM, Yegor Matsekha wrote:
>
>
> I’m a Respiratory Therapist however I like working bees and felling
> dead/ diseased trees.
>
>
>
>
The hope is that the proxy will read requests and validate them. Thus passing
through the proxy would be less dangerous that exposing port 88 directly. If
that’s not true, we should consider the risks of making port 88 available, or
give up.
> On Sep 11, 2021, at 7:07 PM, Ken Hornstein wrote:
>Another use case is getting tickets for Mac users. We have a few users
>that ssh into enough different hosts that they want to use kerberized
>ssh. Unless we open port 88 to the outside, they have to install Mac
>ports and use the MIT kinit.
So they can't open port 88 to the outside, but port 88-
Thank you for the information however this technical language is beyond my
computer skill. If you don’t mind then may I observer your meeting in these
emails ?
Sent from my iPhone
> On Sep 11, 2021, at 6:43 PM, kerberos-requ...@mit.edu wrote:
>
> Send Kerberos mailing list submissions to
On 9/11/21 7:35 PM, Charles Hedrick wrote:
The hope is that the proxy will read requests and validate them. Thus
passing through the proxy would be less dangerous that exposing port
88 directly. If that’s not true, we should consider the risks of
making port 88 available, or give up.
I would
11 matches
Mail list logo
