Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"In the fight between you and the world, back the world." -- Frank Zappa

devel / comp.protocols.kerberos / Re: heimdal http proxy

SubjectAuthor
o Re: heimdal http proxyCharles Hedrick

1
Re: heimdal http proxy

<mailman.9.1631410525.13452.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=135&group=comp.protocols.kerberos#135

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.pch.mit.edu!not-for-mail
From: hedr...@rutgers.edu (Charles Hedrick)
Newsgroups: comp.protocols.kerberos
Subject: Re: heimdal http proxy
Date: Sun, 12 Sep 2021 01:35:18 +0000
Organization: TNet Consulting
Lines: 15
Message-ID: <mailman.9.1631410525.13452.kerberos@mit.edu>
References: <87sfyq9qtg.fsf@hope.eyrie.org>
<58C9CD4B-C68A-4480-BFD8-29DC38D8C22A@cs.rutgers.edu>
<20210911182248.GA7118@openfortress.nl>
<04863A7D-342E-42B0-B71A-D5816D9C22E8@rutgers.edu>
<202109112307.18BN78lP029243@hedwig.cmf.nrl.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="pch.mit.edu:18.7.21.50";
logging-data="3206"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=gWsUjGDyek07RgLwZlqR6EkC6rUUJVndf57RlMbmdCgJSSCxbwXnMKpnq8JzWxWXiSdxDQd+4FGAimZYdGopmkkWRDYscAa42kJvshCVevnyK8ckWKHzT/HwDmPAWtkpQTlQ3jgGjq1/2a6rXZ4WTAdVxyO3NqaS4vo1YzxL5KqlbS8m+C34wZtfOQZG6Q53niGpiMxjsmyh+8CdYKg1ZlXWUpoNprsg19lr+ZZ97eUAgJGVYs28lGnRLKH72MyMF8BHsrv+Dw8TIV+Y/8kRFH5nH7sRItMfBFbZoifPqqFi6epCsPoF3KLGQuz4/ut83V8XzQli0X2r7TwgGRuVyA==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=04Vf/NJBz3QSzQY37Tn3ksd2+Ek4rZASuSvfMDhTYhg=;
b=VaTUPLVfGditBPDgIxswv9Ru/5H5xDO3aDkdJe5Fdayc5mQRvOCQAe/gMCYAgyoZALtbzSEVHRtK5srRBofivRb0QRmcJor2VLzT8BlBZcDpa4yYdHjjnUZAHytdpLnud8Nk2A1Qb7NiLHvj4RvtnRcGpH7nW03A2GA+wxL9T+qULi/CsDs7rwyy+G1wKhm99XhNXY0z5w9vf4nTZqyna8IeHRj+YoMQpdJQM5+1044GZTKo7m9LQURD3M/e6A/kHv9TPIb/9IvvAtK5oLnKkqcjPNSPF9bkHKPuoJb9TCAOOHVXAFdxxbPbmP5IKNAlNXnhLPBAZygFJvAQiOsudg==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=none (sender ip is
40.107.94.100) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=04Vf/NJBz3QSzQY37Tn3ksd2+Ek4rZASuSvfMDhTYhg=;
b=olZh2F9WeNxl5x5G9hNybjJM4Lf7vgjDC1s+Tp54ezjEJ4ORnJKWU0h6X7K3hk0Ka4fOT6AoDD++4mM9Fhhr5lLXeydtcHakC2MdIKtqZe8xROhOxZT2hDuWybtIJxxANPcUtMo4I8xoC3ClriTMSMGezMuTqMi932CjkdltCaE=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=cygxw5/9OKYSawcqce5PvzUZZlxBZMc/7uFFY4nBUf5tu/0OPCspBOsatEuiGmp7i3+mPDC3OmshdQumLuLLZQQZUdnBCC8KuOV/fxm3YzYwRwU+E9PzcU2irNO2qFA+Xdw4cUtcUvr3boGvPcNi2keqBTKu7Ha4WGKFnnhERZI7aE0H1JUJGs4JDv66NH6B6BkUA9C5UEB4JLhalEn32ht/x4rDNVLuZ2ehfPEe1oEkOaUDvo6k6bZaZSPG3xXqI6Wgt/mULsvmJOb+ZAWqaiWk+f9OduZqEi1WfFlHrRDFEIO71/W/8ca6aWWnoBVkIm5sGUfFn+I8/8v1jX+97Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=04Vf/NJBz3QSzQY37Tn3ksd2+Ek4rZASuSvfMDhTYhg=;
b=ig03g8ZtiXOsgDFg4V1GvMgGJXUY5iwWoeKTrCs2lC7QbUPfGNPs5n2LKf7xgwZooRHzu31lxvJD35Hv8ILull5lg+CzWo+N4q4KwJZKnTDCf/Y/2fyPqevJGNCgHTVKWuaqts926kRtfRHkMvavJChpkBv2Mr56jRiJ4noDUnzW0+UGAiyCgMkZVsBaHA6B06XAuXzoNdk/2kO1eKhBZO/4b0eIZo2673Rk8TOgW5Jq45ZgOAG4IMLOV+N1zTOuapFYgGqxwbGrNAoVSWT3sy+j7IwXy6XYwyFOzXoDl7c4U/GNdy/r8z3YBwTrPMuC4SzZBQOwMQXmwPAJJ/FG5w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=none (sender ip is
40.107.94.100) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
Authentication-Results: spf=none (sender IP is 40.107.94.100)
smtp.mailfrom=rutgers.edu; mit.edu; dkim=pass (signature was verified)
header.d=rutgers.edu;mit.edu; dmarc=bestguesspass action=none
header.from=rutgers.edu;
Received-SPF: None (protection.outlook.com: rutgers.edu does not designate
permitted sender hosts)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=PXLi2Z339077y4KnEMp0zqwCphM/MxEOjifi58nRUUmTMvWSAaiQ0bQ8Aqrqm/plttK0Tp+XQ9+6HHMe35WiVpOE9/mwOTejqGZ4WGT+gj1uZPQy08Dnk1GWWEIN4MrZuFnKuCidRXvfydQ92yfNs8uUU0L76LlF8L3tkZ1l3wob2yaoGCr1OLk0BSc/BPt5fMwO4WiOP91PUoYHW84LQzsxQ6dsu3hqzTaauPyESOQvgFFUaI2BKW8u0x/PUiLo6lwQPGz+iUMcl9ecB5oMjhhIod/8SSJop5CCiRCfxrk8p7+FBFBXErgLuAzQb/xtZzsuOF3Gvk6gEnhwYPWVew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=04Vf/NJBz3QSzQY37Tn3ksd2+Ek4rZASuSvfMDhTYhg=;
b=O8+zYGpjjRyux+PWKJcTbohqUHCrz5kDVpt214cH0TEWtKZoqqCJ/TrtPEpKrPnlIHH7R4uud4ZgkLeSu6FCP1Yq6v5wjJLKckIB+Rr+sWSzOstfqaM3q6KBIWXqrlN4eml/mQ348N6sluVOY3O3P6APnW/B43WtOpfwUuR11puX8yc0c+OmNgv6LbzsONt4iKcyw8l76IS2kz25waxgnCRYUKaftcrWjekjQTlwCiJTzrLHhZJriEEcP7nIHCnK8onmqm1Fw2ROo72zZT1j0wJZlac4pduyemh7vy1n0I7gnFny0T++VyLq0S2zefPqIRY9GOcW+NDWdfTJcf3Vkg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=rutgers.edu;
dmarc=pass action=none header.from=rutgers.edu;
dkim=pass header.d=rutgers.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rutgers.edu;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=04Vf/NJBz3QSzQY37Tn3ksd2+Ek4rZASuSvfMDhTYhg=;
b=qXkLOB0wAKFJNb4W6rIm/WWiz9cObl1rjNbvMCUbz5o9boCz1vlIaso9TOdhMi3629wWdrAUPAW0PsBZlD4VXKLg21sMbzRZwMnMft9wucpndo31wOYot7cf9sHEdr8wIc1Y0UDb/eCAG4jxSTib+RrSFzKQJnJde8N4mgRzMD8=
Thread-Topic: heimdal http proxy
Thread-Index: AQHXpyDTlq3JcZyFvkOkcnXIr3wvWaufJcoAgABGJ++AAAk9gIAAKXPL
In-Reply-To: <202109112307.18BN78lP029243@hedwig.cmf.nrl.navy.mil>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: mit.edu; dkim=none (message not signed)
header.d=none; mit.edu; dmarc=none action=none header.from=rutgers.edu;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 5b13b8e8-70da-4e22-ccd5-08d9758d958b
x-ms-traffictypediagnostic: BL0PR14MB2466:|CO6PR01MB7467:
X-Microsoft-Antispam-PRVS: <CO6PR01MB746747727F45A787ABCC6A72AAD89@CO6PR01MB7467.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: F/xe0lPkAuBlInMUU5i1Rtbfu8495XOA9cO/GHq8Yfpb5nsD4KvZEPyyyP7nvqr4VCctRZDEIw96cqkuydunt4I1WEvaDB+LiuLBlCNp+vWpUIXyZSiurmX3wiMi0pqCXea6G6JdC5mdx2j6FvpGckhaVUPOqood4/rtc8mUI+U1A44SjFEV2lZryMd4tqMbvcO4Uag25si+cm6aY04AQlc+SPytIPL0DXD4DG1EZ1fPEP2sL8ethymjkdIT8YxHEE6aNtNO2klmZZmOGg7YngSTqu8RULA1tGzxlpndpJKtyin6abTrbYBSllf0KM7/WDspNF6oIccLKNWkWZ8+6YghMjfV3kSzElLr0BbgILKqEoPHtH3LzLxxwPO/qUDAfTVSoMPK4vI6blhcwBibHy7DWJpBK0rYnq91hVmKnO0wE/J5wCTaVfqpMBLez1l7aHI21fm5iRolarbau6VEDSwQ+605kfgHCDmLNaX53tlgOGs59WtL0UxvZ98STMNpq+WdRzaNPsG9yHTQ52giJ3p9Wz7+FMfRLfqFL4fonbiUjS1org1ZypWvNVUxtWTFO0xEyCYx23cHMZKZMS5i0+IcLQeyreCjhV8g4oQ+2+3+qBxZaSuUk1GHiwtu5zWUFeLrQepL7m9/39DsDWB1k0J85fzW55PcVVQ60s082zYSBg2lHQNgd0YH5D2gAroYs4B0nT+ZDNkDF9qtwbRdahwWoki2OrJDO3i0cWA7kjs=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM;
H:BL0PR14MB3588.namprd14.prod.outlook.com; PTR:; CAT:NONE;
SFS:(4636009)(39850400004)(396003)(376002)(136003)(346002)(366004)(64756008)(66556008)(66476007)(66946007)(76116006)(66446008)(71200400001)(38070700005)(6916009)(8676002)(36756003)(2906002)(478600001)(38100700002)(122000001)(316002)(53546011)(186003)(75432002)(7116003)(3480700007)(4744005)(86362001)(6512007)(33656002)(83380400001)(4326008)(2616005)(8936002)(6506007)(5660300002)(6486002)(45980500001);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: z9+moPEm216yd8CUBagRpDGoWXqZMJ5yOycd2ffGuwnpp
hD5gCi8ImV6/HQ3XtDVNLKZqJUwaE+WXeXdtNSW49yFGu
gpLyoXXTyb+NjQ/WX/pgYkcYsadSu7yQFsTO6pHccqdfQ
t+xOrJpfnLiNKFmpq2AoVU2TvKUJPrZRarKdZvvR9CP38
cvbAihfQFTVivZWxn+jO1GPTyX9zHhK/QwyZkgo7sxpNB
n8+Rz6DbHTyYj7IGKw/0BYfcAAPaClvpF0f3MShmL75+u
yEzCqzxHTmGw7v1779EDI/OuIeMyI9d0Fz87N2+6BMCXI
vYfLpiHZT2VHEDc0FflwHiYa+mXjULOgBA9xunkVZ6W3Q
BIaXR3HMifktu0/7lQhMf/i7d6eQc3RB2leNrJW+3YH+C
RmrDniDLFk1GITGN+xpyxPbD0Z/TkHQhGNY59uoPNpHfx
bW6BUkUK43DVG/mws/ordlNR5HVTB+lIhCrRTn7R3o+un
uZUifPcHhRF5+Hr2fOsaZ9f9KPGOmenRuC+DKXG/Q5Y8d
+Urb4mmWFPgPq0Xs2Wa24qD9Di6caeHVjSutPR1SaxOSC
1fTUo9VQ62GREAC6GdskrxzAz2TGKru5pG63xQePfZNuH
QDMs/Cr0Qw8lCUPGPIilODnDZ2U9xgqX6SohzHcCZtgc8
PISHa+z+O8Br/w4FoCr2V/Jimg3KaycYSkwZD3fTdjbtO
7h4hR8PjNCbxezjyY+UMoXOEtKBPaxZUdpp9+X2pZJ/BW
09XSibtY+pLO9bKHgqUuw84/TK+PfMHDuPq2TQnU6tyU3
0HbBHzyzep5zKR91N8bwxYky7qhwmbVZsaPonKNb4NQ5L
5NDb1gpOgYU1l/160SZ97KJeO50zJ8DVLCd9DwLc6k5jY
qENOXRmdAWlM8QwGVfYZ2LdlgWTB37Ygr8ClMhxyjeKqd
FbFH2ckURl7aMO3je96bRFsc68BPfWpFy0yddgCoo3+cz
G4uDBPSy37vvGPFq0OR1U2j90Ji9dltPy/edXXhN6X6KX
G1//6JEXPn52GsFbmHBOZItro/SX9iGc3cTxQo151vdlU
K0l/5aZIwvsANQff8DknxgPpSIyclNpTUNNTiwpqW6E2M
t/IIOwkOoxy2dBsoutK5FLEfTGdENhTaolKscDfIhOl8m
a+VQwTq+O7g9EsROpre+OhIXeCaniGFP6XhaiG41eEpy/
k5hxhL58VWf0k/EwzqqY2VoCPVdRfdW4qCpNDOsmPQHn3
ryO12tel3yv33msrkLQvxQe3yvHUZx4v8Zap03E6Bvehe
1lprdvsguUKF5/WESKirGrewPkXkpZ9Z+ubJDfP
x-ms-exchange-transport-forked: True
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR14MB2466
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DM6NAM11FT010.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: DM6NAM11FT010.eop-nam11.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 7d24dda5-86ad-4030-5392-08d9758d944b
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: c4yzAhAsbPX869GqrKvXPzhIOTR2V8eeLx4ShCvTqzq7PbnE9mtPGRfZHlphnMk55DUVKR3/lqy2n6RDoKTynZ4QBhVVmWDShGtPTFzgEF++eIEpfSAdGieDnVcAkIm88GNpNo3sqgedBIHdTnsHX33lziH5+xG2lIbfUEDML9VNRzBIAFd6vJISrSFtru5mcXW4UXiGaJSyfsjjOclmM+n50jbyEUPR7OoOZEd5kUCPlhUykAq6VMFpaln3pkUyjKcxq4OUJgxnfgP826FyWalSXtSwoKKT9J1yq6hI2OPosp18RAGTLlbEaLw2TTbmkEmHshwz6lDHSATLZUK0Km0V3GU87sPHdhtC4jhkDIzCOkO+thQ6hUhsqkdWiuGrOm2a7FF8uJ3j9M5UUX0l1SeNrRh4uQ3J0mWT6jZgTDsPorQEECSTYtc2YGW2E57dSr2/E3NmCvLD1tdE1SZvroCFFR+n8OxcRt9fKXZ12a5vJEVElzc/AdUehsH7LuIoA57Fu21/vzJQOXTQXIJ2VZKWW6yFEsqFgQEOfruSBG4GfFr7CsxgMRrDO7C/pMaKG1hxz9X0Eqyqw3SjU5L2xUF21JX1h5KJjoQ339g+guAmDX9790Pt0AJl66z5PvT4c/4Q71mSyr6yx7hsJMDIZjubHMOS611PmGzz9P0AP70=
X-Forefront-Antispam-Report: CIP:40.107.94.100; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:NAM10-MW2-obe.outbound.protection.outlook.com;
PTR:mail-mw2nam10on2100.outbound.protection.outlook.com;
CAT:NONE;
SFS:(4636009)(396003)(39860400002)(136003)(376002)(346002)(5660300002)(36906005)(316002)(7116003)(33656002)(7636003)(26005)(4326008)(4744005)(75432002)(68406010)(53546011)(6512007)(36756003)(498600001)(2906002)(83380400001)(83290400002)(83280400002)(83300400002)(83320400002)(8676002)(336012)(83310400002)(356005)(3480700007)(6486002)(86362001)(70586007)(6506007)(2616005)(6862004)(45980500001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2021 01:35:20.7422 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5b13b8e8-70da-4e22-ccd5-08d9758d958b
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT010.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR01MB7467
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MIME-Autoconverted: from base64 to 8bit by PCH.mit.edu id 18C1ZNfw027582
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
 by: Charles Hedrick - Sun, 12 Sep 2021 01:35 UTC

The hope is that the proxy will read requests and validate them. Thus passing through the proxy would be less dangerous that exposing port 88 directly. If that’s not true, we should consider the risks of making port 88 available, or give up.

> On Sep 11, 2021, at 7:07 PM, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
> 
>>
>> Another use case is getting tickets for Mac users. We have a few users
>> that ssh into enough different hosts that they want to use kerberized
>> ssh. Unless we open port 88 to the outside, they have to install Mac
>> ports and use the MIT kinit.
>
> So they can't open port 88 to the outside, but port 88-via-80 is fine?
>
> --Ken

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor