Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

She sells cshs by the cshore.


devel / comp.protocols.kerberos / RE: Looking for a "Kerberos Router"?

SubjectAuthor
o RE: Looking for a "Kerberos Router"?Brent Kimberley

1
RE: Looking for a "Kerberos Router"?

<mailman.56.1710366124.2322.kerberos@mit.edu>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=508&group=comp.protocols.kerberos#508

 copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Ki...@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: RE: Looking for a "Kerberos Router"?
Date: Wed, 13 Mar 2024 21:41:58 +0000
Organization: TNet Consulting
Lines: 61
Message-ID: <mailman.56.1710366124.2322.kerberos@mit.edu>
References: <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com>
<202403131416.42DEGRub016309@hedwig.cmf.nrl.navy.mil>
<581276BD-9D29-4D8C-A23E-8613493E378B@gmail.com>
<202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>
<4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
<202403131507.42DF7PwP016768@hedwig.cmf.nrl.navy.mil>
<31CAD52C-40A9-4C1B-B411-4957DB414ED3@gmail.com>
<202403131621.42DGLZEE017497@hedwig.cmf.nrl.navy.mil>
<08C219DB-7B64-48FD-A500-3A043BDED825@gmail.com>
<ff6b1159594ccac0297ddcda93901dab0f22e61d.camel@redhat.com>
<YT3PR01MB10544C62789ED6D2FAB75F26AFA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="3185"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
To: Simo Sorce <simo@redhat.com>, Yoann Gini <yoann.gini@gmail.com>, Ken
Hornstein <kenh@cmf.nrl.navy.mil>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=JIe3BxAr;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=GPROeKsi
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=H9NVEOgtEF5XN6ET5nkRqqqn/mH7qM6KVg8ESAHE2Z10+1eNUb/L0jbAiODtccF7KCfzvtM1d28sgxGi5fSeXFnypZitcu5n696lRBe9cPN6MV/XOgHTVC0NX37WCLOn7Mrb3m6+WX3+mLYVXKn4wV+jm77oNA7OdaTyDBKoJ13VN0h08yZ5BLUy36b0COlrFI2HgmQB1n8xkPwh588k0OzpIr+YgxMl7jp3ZWQZGp28UO2Ok4pg3yMUQElYS9d86CsCBxGBv0iZXwOn34N19tjQReq9KHhpSXbqfMzc5EurqQLUO2MEnSXkpuo/QkiNmQouG0Yuda1bpn+ded7DqA==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=DGTZzGXzFbZK3KqLd8Iunp6WQhaO/sOBLJmFgX4gkHw=;
b=HCsxqeQgUU6SUPnNn8TqU9eYyu3VJsyNn9FaxzDCbc9W1yb1uIEL622lkNCVNVB4XUqssdf80Q4to0YhhziW30wtbPwmN5E4t0Ux8TQ/dtQLqr7n1p+7pQPM7K9xROJTnFLIxLcYhaEn+7xk8IxTFx4MPB3kULKxzyfdDHBsjSLczBlsSZ2nvHr4xnJf9NSJvJgXR3C+vwtfhlB0IUY1ZLxmgy5tTxB8oZ63IvbI2No08YMzih6KW0LUImGfXWu41kOwMJiTCZ4eMwzygGPUFAOcxjuwBMlDsbzPXE8K/lToY3rwK7U+EMKXS31xAHbpd3xXsHnUBWL9xwKCoICMaQ==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
52.101.191.3) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DGTZzGXzFbZK3KqLd8Iunp6WQhaO/sOBLJmFgX4gkHw=;
b=JIe3BxArzx0+MUJQImw52kEpqeXEINl0RfuhLxDT3xzIlt+N/QHntGY+G0dFP2wNs11wGgJJlxx9Ppfso158RGD61hGpj1BwpdayLgihizSgWPzIYP/zoNbGlYu9M1W/YYbzgedxiE5eWUW+CmLkd6IyO9Vx+qlXGohl8tA0sLg=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=gS+tMvT6iJbz6ZjiXuAdgSgz5rdkqzoGpoAoLhqKKZuETHbtcpDsaEV8WgxsdTu6RxyQLgIEajcTgGvl9rjZazZ2fkL7cf5lg+CQoIsxXig8DiTvghg8ZB1AzfrdPErkrb15KnBJdn4lOOo2CSu/0f8+COle3dnErT9a9Y0Z9p6W+X20FzDssPAeiF5X3/RrW8AUpsT/Wp9iufiW+BcWwC6NqrwI3mSyZQgYqvjw9TQIp2toFD7UevRvmvJsgnN0BXqK7+IXheBowGCdZZdRIzxZGFYqOI40DYEiXGLNGSuZsMxQzpPZ+f6K/N0WEAnW3Cw1APxeWL1T4CBVg4rOoA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=DGTZzGXzFbZK3KqLd8Iunp6WQhaO/sOBLJmFgX4gkHw=;
b=MX/HOr8IuwNbcr5X22t7ggooYWzKQjXwX/C+g/bjuBq7VbgPuln4XBmZTMhNjyx1OcJCKfTA1l+l5uHFHV0cyITVfY+wOvM4gAscQwXSrxt7M+taMgjNUuxHwvhh3A5CpntSYsWJHHT15qDCOsIZ6JHR7YYRlZ6T8lYftjgtEBBTvRWadRvAaWLmYDKA7F3l5+9j4sU8Bi0NOjrsI1kNIUVOQgD8kdYWJmN3eoGWfW2ljoWPlU/iWaRefazUr8FX9yag5noOLmOjPbwXTOPxG/6BO3rfM7RGswNLgyNtTbLEO9E5ylPGwOdrB5MtKa75dUhZOysQndRROn/2MP1zmw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
52.101.191.3) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 52.101.191.3)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
52.101.191.3 as permitted sender) receiver=protection.outlook.com;
client-ip=52.101.191.3; helo=YQZPR01CU011.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=hNpEWZr7qnVyrXK2/5DdNZ4/wbjqm0Hv7t4DwRTUbnjtUPzAng7mzAT6cvLl+edawgwBSs2HUhjDIm9WcbI+2PjtHYezsMFvg4uaSNfTNjDWIYlHgayH7iZRyN4X6GLcwID8Si2fBKb7OXsVz6FN7/xF5mCkjhKoAyhvN/hefneTj8sDRZNL2EJeh+lrsMmeQU388AfYl35052ALZNTqaX2/R8d5WAqLtY+e45aO23nOYvdQ2bneihJYSkVyzB/+5OC+4lL8jK8Mrjp1Tx3Z27OO0O6enAhc8H4Ep0BYt/0+I6oron/6pAnnhKoMmLO5Ys6cw7p+ghx9Aknw8uFPdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=DGTZzGXzFbZK3KqLd8Iunp6WQhaO/sOBLJmFgX4gkHw=;
b=JaXQlEFSi7JdY7HMDm19D+RR7UwHKLQ2C7xta9Je2DjhU7VpMR/me0upRXlMs363jJe6Hz/aKACukEs+ID0Rb3frWE09Egx+GrV+VkLHYg9IZAZ3bdXiKxmltW7sNp2IQPAUptgNIqCNSPKNSICeJq69MjxaUUEOmZgta/R/GeUNZf0LDIzfW0QZnGEejP4A9YuApePAi08r5X+Jnui70akuTEbvQrB7N9qzwW4ozW7u56b1mjdOSisxdjjIFQ1PGgYRt6wKKvWzd+2fdYnHAGgcrtL1fxv+WquekvSL2b0DnDCr3i3Om/SW443qZsHrDemELavhEyQUVxuf9ioblA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DGTZzGXzFbZK3KqLd8Iunp6WQhaO/sOBLJmFgX4gkHw=;
b=GPROeKsiaasWSB3fuMNuLjsMF+6Lg+reivW69avdfhlAM3mm5u0Er13VMI7IVQzrXGpYjVLqP07IlGrAJW/+q2nFb1H24QizTaHgstgJ5FcSI+ojGU7FpwO9lTCYVDUwiaXfHTqPnI+e5ociWN/ImxvBnQLMKF+7Z6MVDqMpHgRa9/nHmPgXKG3OixF8mX6OALkJS2DMzl38ESL/0KREOs1FfQjKmqj8fhLj0rdlc8vdRd/K9wDV1KmCoT7p/piefMhPfe6kq5C95c8uZYa3Ty2F+dR2+aN2wp6xlhAdQRMvdKhQGwCUukDFjWFRdIe13Qx881Ek/x+//ncPkMfAQg==
Thread-Topic: Looking for a "Kerberos Router"?
Thread-Index: AQHadTxi3M7GgqqfNUaLGiclCkOnl7E1t5mAgAABXgCAAAi0gIAAAI4AgAADnoCAAA9ngIAABVKAgAAC/gCAAEdmgIAADttg
In-Reply-To: <ff6b1159594ccac0297ddcda93901dab0f22e61d.camel@redhat.com>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT3PR01MB10544:EE_|YT2PR01MB9237:EE_|CH3PEPF00000011:EE_|SA0PR01MB6218:EE_
X-MS-Office365-Filtering-Correlation-Id: 19ac029c-ddc7-437e-728f-08dc43a669da
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: /yh8F/2Aoci5FiTi18jufl7e2OYuQcPa7GAp/KMQpBugADDV2aZv2g5zAkZZjcLJ0xaOKY0U7pvf3kycQdxPa31dsLUXTctdelz+7nRuJ3TJwqEH5dIkacnlN6aKRCbG+VksXOceIHugYvqAomCrorreeqtqc3yxUH2Lmqg3hX3nj050ZNSUnaCvVLDTbMY4+Bgg8Fac0tBGDWrTnXhn3Xmkmh4pNT7RM3Df3s1mo1BOyuUd4hryD/7qszv1mZaiBa22MWBAwAkEzbnQhSoULBwdof/xJht4Y3NeRXN5cFOpVtVIbF33sO6ZFhXZ8IeaHt1damYQXlAiIXPk0NY/L0cFg3D7/1vPL3XuLsigDQBsDZhYUM/J6Rq62amrkFUfYb4naFA/co2ZsfRbB2/fa9ibAkD6/2wJKga9K7nghTYTA//6EJzJ61RqVD2sgYPgSE9ZDy5qf7UesY8mIOyYtwI93qM4mb0mE95EKXgYAVmUZICqh45aRR+2qOgMgilzH3qbDwS+rgfwjoF/Kklw6bMOOvbgm6Xh4YvDJEmUVyOh8CIEi8e5yBsNNGddb9BdEz8IGrvVlsUJsFG4XX5xQL7WnG/l7UoWYuazHlMQjFATFjOqS1RRG0e5rQbYIXRpEVmRoyY+Dd4G74WAZ9qBY3OKkjyqaVKUALKUjHgnzbI=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(38070700009); DIR:OUT;
SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: 6rV5tBxVMIjz5smalwYyiHpMPhpo3ouXDrPGaJYfaZFfXEwVOksn6VE61S
tpqKSkQSayGCuSbhsAvIb9+MvFSJT1CbJtv+aqpprJ7sHyW8UI4wlsCOGQ
yNXZjlDssV/x3a7pJVSo4Ld3lATmWWOjDpfrhmWUscXah80/sK6VrXvYer
9i7BE8KRGBaJpm7Ec7raAlBKqh5kpQs+5hpz+zPKmoA4n8hxG4/K9+YBEv
tNIPSIlpOO1TyCKc2kuSug8hxvvLD02lFjja5oaD4JKVaG0/TDAExaWolY
wO3luuui8UkYzxPyFwlvC60gjOf2h7+l2hZdoxSUPex+OhvP52ZAjF2GO5
aAQDCwUFxfGrSDdKrOxU4+inuYmLpL37LLRGDEsNMX975b8HOqLy+D1bEy
ujTL9Dd1mwSXzH7H6V5SmxMeLng6o1TsZ9VgA6FyMkKsPLUsbPto+PsT27
7D9Alsx4nBdIj1kT4WiGkJgbRb+xdeQYmagIsJ6kY/FmL3JY2S/qx09Ov6
IL7BVnEKiprRpmTxXnSAOkg2icNE5e5zxL2sodqBooFTrhUeT6WNbAeLOZ
RtTsvv8Pbh760OxB0vS+Iv1twFm0bispNgo71CB8MZmamQcRrPOBdMS1e3
OZ9O4beRQ1jymR7MYOn7RlnEMr0kV2VhMWsKhqkbuOKN0mo2AcT77jmm1E
we/tZereSnk7zZM0PdNdMu+XokIJlRRmEjf/ezzXKK7bn8WOjCbwZWDRqb
iC7zdhBNS4lzUwZwZTgiI5r1YKsJ08MGXS6IcFEuYJAt5+cPoadPdZu6Wx
/6Yf6ID1P9M+2Sb37CmyLtGEWjSKq6QSVR7oILW8+bJ16KpEr96HjPHdRf
KgR1Kdt/p/8z0b3PKfLnW0b6gcZyG5iF7up9Z2g6cd5EIcPa3/iXjcsXDx
YvM+NVqvE/Uc3mVX6yJNnND6P0DOxKItg2g6Kb+FePq1kLLQE7+y5mNf6K
8MCfHSsVc4uK8j6VTOguZ0pN78zyRNfumLhMr1TH/aUeXPCBX1CY72sSUb
FcMmFLUdr2P2ykO+9ieBca+h9ID7y8c94rMnZ9AUUAzIHXdSxqDn8/dQpa
UvgA8dN9P7JaSFIpwuShCg+xhG28JjxX+7eAV72ff2Ztxts8jwyvYt2PBz
6qIgtKPdkqxxcKNTjdB9HtMB2YD7rBXS1b1rovOEZSegRQGg0SEvJRwHI6
hDRetzdscyu2j1CYVXAAnc6fZ9MUWzSUH7Jq/+3Vw9xjfgkWyIZCfHZQZr
54laxsLp71H13nicHyfUTNqvvjJ6MXMzR1+vs20Z47VbuETagozr9vktHq
ijGhX1ApiAETagvqCw0Ox2uLNgrRYuc4CYgjpUWJXlopGndIKcU1PgfMKa
80eHaBwmNuTSVmCdQ3QEUkvk7c6fv9EZZtBKeGVVT+FmE6+GbcJbZRRPVy
q4u2h6wPb1chDDDeBPFFr8QZ1egxz2buHyWJA1cK1mAxj4AGckTgNZ5FAO
0t8AZ261cOa5707qQFWIWo/zYW1nhiRTo2dYejZ7Keh5eRDiQ8ogTuDefo
H5l5b0kisgtUMUtixaWVOlLptvn3lCEMAIgkT3Cb1ybg+ABtrkM2Idag
==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT2PR01MB9237
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CH3PEPF00000011.namprd21.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CH3PEPF00000011.namprd21.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1c0a3062-bf7e-499b-063f-08dc43a668cb
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nnMFZ3WuSNfETBI5svl3Oil7WDaRbdrJEjxTesyyX4skE1I6hdpRNzigJdWPKxK9/1XJp8XlfMjtSyDtvYgfizn5eMtj66ipyeStbIegIsgGturGQcZzIwd9BwKAv7YC5OgTScXtOgWbI2m/phmf2bBkOU/50z+82o/72R9dcldWacsXBQgVh6SDmBLnbib2PBMpVsLMXUGmLLgnkSxiyNyD45emo1IMYVYN3BcwyIN2voAOdsjzzeYQjNeqdaTB5rqPVicHo0q1tgY5SAJIYqmYRgXiSI1ZiJEVDSas8R+gDNzmpaDSp5NI9ai6tpvY0Dx7DUxqeyRyd0qsvFrTa6Dz5367P2qbWPTjsVWaTAtrja2CnR3GB3HWc8LC6RUc1J9pOnWAatjfo6fad131Sr1U1n3SmZ/ASX7WAwKkrtE+/ewyEzUfhEx5dkHJ0TCmdiHFp0Zd9x48v3RQIoqypAYgYWRVEPsZFAbakjBxNlI6rgdWkDui362Si82dStNZxLU70kidJ/EVtgS0VTKB1TVXa2qDGRBNrLDMlxSukKmBHIVwQDLhxga9SRPHcclN0d577XzF3Yhc9zS00Tcs9m742h1kk1ioP05mzS2fF+WpU+1GEri8ENr5NH3wiOsZyCD5mrq+0L5KHy8zUWi10+KYg8IWfQQr9QLBbXq3yGA=
X-Forefront-Antispam-Report: CIP:52.101.191.3; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:YQZPR01CU011.outbound.protection.outlook.com;
PTR:mail-canadaeastazon11020003.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(61400799018)(376005); DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2024 21:41:59.8073 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 19ac029c-ddc7-437e-728f-08dc43a669da
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF00000011.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR01MB6218
X-MIME-Autoconverted: from quoted-printable to 8bit by mailman.mit.edu id
42DLg1f51536558
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT3PR01MB10544C62789ED6D2FAB75F26AFA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com>
<202403131416.42DEGRub016309@hedwig.cmf.nrl.navy.mil>
<581276BD-9D29-4D8C-A23E-8613493E378B@gmail.com>
<202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>
<4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
<202403131507.42DF7PwP016768@hedwig.cmf.nrl.navy.mil>
<31CAD52C-40A9-4C1B-B411-4957DB414ED3@gmail.com>
<202403131621.42DGLZEE017497@hedwig.cmf.nrl.navy.mil>
<08C219DB-7B64-48FD-A500-3A043BDED825@gmail.com>
<ff6b1159594ccac0297ddcda93901dab0f22e61d.camel@redhat.com>
 by: Brent Kimberley - Wed, 13 Mar 2024 21:41 UTC

To the best of my knowledge, all IPV6 ports should be closed by design and only opened if/when approved.

-----Original Message-----
From: Kerberos <kerberos-bounces@mit.edu> On Behalf Of Simo Sorce
Sent: Wednesday, March 13, 2024 4:48 PM
To: Yoann Gini <yoann.gini@gmail.com>; Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Subject: Re: Looking for a "Kerberos Router"?

[You don't often get email from simo@redhat.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

This is well tested:
https://github.com/latchset/kdcproxy

On Wed, 2024-03-13 at 17:32 +0100, Yoann Gini wrote:
>
> > Le 13 mars 2024 à 17:21, Ken Hornstein <kenh@cmf.nrl.navy.mil> a écrit :
> >
> > It does occur to me that maybe if you have different KDC hostnames
> > but the same IP address you could use TLS SNI or hostname routing
> > which you indicated you already use and maybe that would be simpler?
> > That presumes the client implementations set the SNI field (I see
> > that it does send a "Host" header, and it looks like MIT Kerberos
> > does set the SNI hostname).
>
> This is what I have in mind looking at the documentation of kkdcp (reading as exchanging here). Using SNI to select the KDC.
>
> I will give it a try, it looks like the option I need here.
>
> And yes, all of those complexities would have been avoided by network
> teams just supporting IPv6 and not blocking random ports for no reasons... ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mail/
> man.mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=05%7C02%7Cbrent.kimbe
> rley%40durham.ca%7Cde3f8941d2b64fc0ec6f08dc439ee352%7C52d7c9c2d54941b6
> 9b1f9da198dc3f16%7C0%7C0%7C638459596905112923%7CUnknown%7CTWFpbGZsb3d8
> eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%7C&sdata=dZYepxHAXNhDO%2F4F%2FpLx7fDYgT6xEYGEKtjEK7l1H74%3D&res
> erved=0

--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor