Re: heimdal http proxy

2021-09-12 Thread Jeffrey Altman
On 9/11/2021 11:22 AM, Charles Hedrick (hedr...@rutgers.edu) wrote:
> I’d like to be able to use Kerberos SPNEGO at home. Unfortunately the Mac
> uses Heimdal.

One premise of this thread is that Apple uses Heimdal as developed at https://www.heimdal.software/ aka https://github.com/heimdal/

Re: heimdal http proxy

2021-09-12 Thread Benjamin Kaduk
On Sun, Sep 12, 2021 at 07:49:57AM -0400, Jeffrey Altman wrote:
> On 9/11/2021 11:22 AM, Charles Hedrick (hedr...@rutgers.edu) wrote:
> > We don’t currently explore our Kerberos servers to the Internet, but we do
> > have an https proxy for MIT kerberos. Heimdal apparently has its own HTTP
> > pro

Re: heimdal http proxy

2021-09-12 Thread Ken Hornstein
>The hope is that the proxy will read requests and validate them. Thus
>passing through the proxy would be less dangerous than exposing port 88
>directly. If that’s not true, we should consider the risks of making
>port 88 available, or give up.

I'm curious as to exactly what validation for reque

Re: heimdal http proxy

2021-09-12 Thread Grant Taylor
On 9/12/21 5:49 AM, Jeffrey Altman wrote:
> The answer is "yes", but someone would need to develop the implementation and submit a pull request.

Here's a silly thought. What about using something like socat to listen on local port 88 and have it use the upstream proxy via CONNECT requests (