Re: Looking for a "Kerberos Router"?

From: yoann.g...@gmail.com (Yoann Gini)
Newsgroups: comp.protocols.kerberos
Subject: Re: Looking for a "Kerberos Router"?
Date: Wed, 13 Mar 2024 15:54:28 +0100
Message-ID: <mailman.47.1710341686.2322.kerberos@mit.edu>
 by: Yoann Gini - Wed, 13 Mar 2024 14:54 UTC

> On 13 March 2024 at 15:52, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
>>> One thing that leaps out at me is that by default a lot of Kerberos
>>> messages default to UDP transport so that might be a bit trickier to
>>> proxy them (but not impossible).
>>
>> Yes, that's another aspect of the issue, our expectations so far are on
>> support for TCP only clients. Since it's for mobile users that we are
>> looking to have this support, it shouldn't be an issue.
>
> I would caution you that I think that is something you're going to have
> to grapple with much sooner than you think.
>
> A long time ago we had developed a small Kerberos proxy that forwarded
> on Kerberos messages by prepending the source IP address/port to the
> UDP message (our KDC at the time was modified to recognize this
> and sent the prepended bytes back to the proxy so it could send it to
> the correct originator).

OK, did you have to support iOS and macOS endpoints in that context? (We are looking for Kerberos support for them, to use with Apple SSO Kerberos features.)
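
The prepended-address scheme described in the quoted text, sketched as an added example (not part of the original post and not the proxy or KDC code it mentions). The prefix byte layout, the function names and the trusted-proxy check are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed prefix layout (not specified in the post):
#   1 byte address family (4 or 6) | packed address | 2-byte big-endian port
_ADDR_LEN = {4: 4, 6: 16}

def wrap(src_ip, src_port, krb_msg):
    """Proxy side: prepend the client's source address/port to its datagram."""
    addr = ipaddress.ip_address(src_ip)
    return bytes([addr.version]) + addr.packed + struct.pack("!H", src_port) + krb_msg

def unwrap(datagram):
    """Split a prefixed datagram into (ip, port, kerberos_message)."""
    alen = _ADDR_LEN.get(datagram[0]) if datagram else None
    if alen is None:
        raise ValueError("missing or unknown address-family byte")
    hdr = 1 + alen + 2
    if len(datagram) < hdr:
        raise ValueError("truncated address prefix")
    ip = str(ipaddress.ip_address(datagram[1:1 + alen]))
    (port,) = struct.unpack("!H", datagram[1 + alen:hdr])
    return ip, port, datagram[hdr:]

def kdc_handle(datagram, peer_ip, trusted_proxies, process):
    """KDC side: honour the prefix only from a known proxy, then echo it back."""
    if peer_ip not in trusted_proxies:
        # Otherwise any sender could claim an arbitrary client address.
        raise PermissionError("prefixed datagram from untrusted peer")
    ip, port, request = unwrap(datagram)
    return wrap(ip, port, process(request, ip))

def demo():
    # Constructed sample: placeholder bytes stand in for real AS-REQ/AS-REP.
    to_kdc = wrap("203.0.113.7", 40000, b"AS-REQ")
    from_kdc = kdc_handle(to_kdc, "192.0.2.10", {"192.0.2.10"},
                          lambda req, client_ip: b"AS-REP")
    # Proxy strips the echoed prefix to learn where the reply goes.
    return unwrap(from_kdc)

if __name__ == "__main__":
    print(demo())
```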
