Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

No more blah, blah, blah! -- Kirk, "Miri", stardate 2713.6

devel / comp.protocols.kerberos / Re: Looking for a "Kerberos Router"?

SubjectAuthor
o Re: Looking for a "Kerberos Router"?Brent Kimberley

1
Re: Looking for a "Kerberos Router"?

<mailman.57.1710366498.2322.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=509&group=comp.protocols.kerberos#509

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: Brent.Kimberley@Durham.ca (Brent Kimberley)
Newsgroups: comp.protocols.kerberos
Subject: Re: Looking for a "Kerberos Router"?
Date: Wed, 13 Mar 2024 21:48:11 +0000
Organization: TNet Consulting
Lines: 97
Message-ID: <mailman.57.1710366498.2322.kerberos@mit.edu>
References: <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com>
<202403131416.42DEGRub016309@hedwig.cmf.nrl.navy.mil>
<581276BD-9D29-4D8C-A23E-8613493E378B@gmail.com>
<202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>
<4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
<202403131507.42DF7PwP016768@hedwig.cmf.nrl.navy.mil>
<31CAD52C-40A9-4C1B-B411-4957DB414ED3@gmail.com>
<202403131621.42DGLZEE017497@hedwig.cmf.nrl.navy.mil>
<08C219DB-7B64-48FD-A500-3A043BDED825@gmail.com>
<ff6b1159594ccac0297ddcda93901dab0f22e61d.camel@redhat.com>
<YT3PR01MB10544C62789ED6D2FAB75F26AFA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
<YT3PR01MB105449454EF0C423AC36F0FE0FA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="4065"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
To: Simo Sorce <simo@redhat.com>, Yoann Gini <yoann.gini@gmail.com>, Ken
Hornstein <kenh@cmf.nrl.navy.mil>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=bz+BTnk2;
dkim=pass (2048-bit key,
unprotected) header.d=durham.ca header.i=@durham.ca header.a=rsa-sha256
header.s=selector2 header.b=YdWrfLd8
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=G96NfDLGysKe9phxq4K4dmf6WBF9k8ukI7rvac3hriW3HwoD+bA+KSWNWwa6cLTVY3UOdt+nxnc6A+PRgXXWcLzDwbqEFLTNk0OpFKjc61+9MZTj9nJpNtKwJWwP/hjXzyeJmWWY6F3BKMt0KLOqwXUGegUliNC0+kt+01x4zmjrVptzYRCrQyzEEPAhtWNR8xMjSrXo80rlHbuv8tt4oQb5hIkNE4DAndbOjZVX1t1cUNfLbL8btubZQmEGwWgGHZGHe1Fb2EpaQ4rcpOv7LnmrX5ZKZp5iLfICy7WaqY0tHbKQMmAY1i9Tti+s8maPpjaTyLPZ772rQkL9tpX6Fw==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=M/ppSEbKA/dm1QEHU6Cep/R4yvSGLe8r6XMWwRY9icY=;
b=lo08KSL1epqoecmaQK4uYM9gRrJ4jqLS1Bdo6RIRQRDXDk/ssDDzJp2RE4hU7CA8LOY6jhayP1GzT/o24zxrdrP3sMMl/8kAS+Gy5iymSdy/F0NBfSclPN6284ftQDZcI5txTy/saeRh7LyPffIaT1tn1mdRYIIygmJe//77OWzHrNaYJurNaY3OMXIEvPVat9kaZZ3/oykzLvYVF5BA9avMsfFXuI52FzAgx4CPouWGrJ9Ddr80vOa+LMwdFhHBB/1F0+RBkiQaUlUZwCnWgdPawCLN7SU3Z1mHEkiARVVTZHoiniYGwJwAaMSwa6glHISYL0n+UGakJnAw/nZMQg==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.108) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=M/ppSEbKA/dm1QEHU6Cep/R4yvSGLe8r6XMWwRY9icY=;
b=bz+BTnk2unCZsgK1rVZfvxJjEBreNIXJ+oRoZP6wQC9qn70EM92hZ0U62iDdvCWpgLazTludUd5/EmXWlBMLns1z3UH9l3R9gqPaJ13qsclL9U7eECnQLBxLWG+blxh30GP0VM4WQNIcvGpONZ/jYYr4+ZpNCOKQyJ6TB70VIl4=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=nr40VvQIDabq1R81gdsI2BXjMmpmoDxCTHm6snmhOnukechKH51RPBVtZ1WJqG4sGK/AFan8b1EBo10hI3LPZwzRoMABbvGh0s8mZ6td5pviGXGII70ZaSzKPst+wl2eWz+cEkCk8sLiz3BKh9Ookb9sAp17GbCSMBST3uW/GTqE/mA8cnmSZd+mPrP8qexVTSYv1Oz5a6II2EoqFd4f/QqaUymxep++JL5JngDzB39UWLzaXNjze1YDxzcIAL+mel16AvwvPQZhxVjtXfGU38C01DgGmaWja/bSOGaPChlnEPBrOqS9JJjhiylEQx2LBdWaTDIbRTwx0gAf9M0QFQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=M/ppSEbKA/dm1QEHU6Cep/R4yvSGLe8r6XMWwRY9icY=;
b=PB7l7xkNJFC7qRWRItjkAg+yKAF/TkmId2PV2dXxUBBboONr6+6KDqSrI7Uk5iOgl+6FsG+iDNqWkPQnaYupajv8UoXFY1o1Y4sLtQ44F3k/He/73Q8fr/j/sW8THfjwXYQZ13WpRLb+g8c9MM5qYXmC1PyRiZqpdobpx4u3Tu/5SW74dsrkWWoHQjbHMkkvESZua8w8xHh8zt0gSGGIuuLCOW3dr8cv+34arutgr3QvXV5PuKJm13wgg0s65MRFXm9ZEQ/1ORU9upnIZM4rgxUy30e+3NLtXQzJ9YIq20KgTHW5JpRjQ+UR/Ekfl6QfE6GzfFobZPpGvjlbHlMc2w==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.107.116.108) smtp.rcpttodomain=mit.edu smtp.mailfrom=durham.ca; dmarc=pass
(p=reject sp=none pct=100) action=none header.from=durham.ca; dkim=pass
(signature was verified) header.d=durham.ca; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=durham.ca] dkim=[1,1,header.d=durham.ca]
dmarc=[1,1,header.from=durham.ca])
Authentication-Results: spf=pass (sender IP is 40.107.116.108)
smtp.mailfrom=Durham.ca; dkim=pass (signature was verified)
header.d=durham.ca;dmarc=pass action=none header.from=Durham.ca;
Received-SPF: Pass (protection.outlook.com: domain of Durham.ca designates
40.107.116.108 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.116.108; helo=CAN01-YQB-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=UawhWgCpLhUnltVzhCYFpcCxNHVrsndpSRlWaBqZTyH74TQurjAOGTrj8VwLYvqTvBXQyuOiuFHRCTGOoZtGeqpSW1UkyBKgTUFlbJDl1xZ9AHwUa/FrqOvsTPCbaANTxhqud59ONLdSPaa6upt7/3KfpEcfaoEZNlX+jnPoakx5RxiNx/oTBQ01JWYqnDxgMPMq83uHtd/F+Mc5baASgUtzXHlZ8T6fRBonP7U+OFKBym000C1ek2f5p+UHeLWmJYYsD3hGzG4WJe+p3kQFRcLiXqA6VWBOu1+K0d78ugILsRZFsfBM2tAMrD5iVaZBe7bX2546EqTp9vsDttQ2BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=M/ppSEbKA/dm1QEHU6Cep/R4yvSGLe8r6XMWwRY9icY=;
b=nZBadX2pdINmLI4aM8L2w9Tegq1a7XlD9+Vfyac0v96iY+ncz6zTUIM097ULuv0Vc0/NSyTv7GQWxHQkVu63V11lG5c9dArWm9m2GEU3c/hM2/0SIRNRBFRAAv5rn2LpgmnpfeKQARrXgGEhEWgG8VWhk6EVdmENXM4+f8nzO0B3XU5ngi30LYGWL4r5QfbWJgUdyCKB+NkyZfllHRxrzIZkzpcYmf0TwROI20vwoLa2hNOgHSQn0sT2KMUldYtJv+xJwNMRB26EpG3FcMFES5UFwzuIX39Tbm5L2cLnU+q7SukNd8YCoGVBdiEVjZHbQTdCCXdQ7pkE27SUaFKQww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=durham.ca; dmarc=pass action=none header.from=durham.ca;
dkim=pass header.d=durham.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=durham.ca; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=M/ppSEbKA/dm1QEHU6Cep/R4yvSGLe8r6XMWwRY9icY=;
b=YdWrfLd8ehY3sWmDczxL3y5fREmvufOxqj/O/si+7YOxj3rTLo/t0cPYjHkNkPJyrQsylKLH4zL3x7FbjzI5W00e4Pb5MeO1Lu9JvAubzc4tWb7ZLQoNrwWQmwWk3VlWU5n3WUkRTl2edW5IYHe1fMxWP63JiO3HwNey0wU9QlZCx4UYRawNthyue6CUwM6uh06bjIWKlVkIHWiCt9uJMAAqresEZ79jIftaUkA5AH6pKOuQoT3YfL4mR2udqpqVz5GPenmiJl5SSWhFS6PqifVoTySyqYtzv63mBQJLMry6auSlbAO6dqq4Paz8w6AgvG8tlwrz6bpf6RQLdw/AzA==
Thread-Topic: Looking for a "Kerberos Router"?
Thread-Index: AQHadTxi3M7GgqqfNUaLGiclCkOnl7E1t5mAgAABXgCAAAi0gIAAAI4AgAADnoCAAA9ngIAABVKAgAAC/gCAAEdmgIAADttggAABc54=
In-Reply-To: <YT3PR01MB10544C62789ED6D2FAB75F26AFA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=Durham.ca;
x-ms-traffictypediagnostic: YT3PR01MB10544:EE_|YQXPR01MB6398:EE_|CH3PEPF0000000C:EE_|CO1PR01MB7243:EE_
X-MS-Office365-Filtering-Correlation-Id: 374360a2-a680-4eaa-44dd-08dc43a74905
x-ms-exchange-senderadcheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: zx/RoK1D5Pz1Gr2AoPfArDwXpdHnEj9ikjJpzkhsygCbmaR9uCZ48G5XjIL/+QPzCCvyPAE95f/JajdFK4AgCivrHTbGlWgaGbfN2uaeUkvGMPjAet89cmDniNGz2KT50gFtWH49D05IkrzG06fVzv4STSMQX//FPdOpJQSJ91butoYWIayrNcnyoNQcb72wbSA2MTANrIJQkt5xrlS30PoK+2YIsR2LWtDGTAOog0KANPQnrkJ7/GHv3VkWAZtCpJFoL03g3k1Vvn2DbkV+rvXOej91E7W3zQIXBM4vPKD54ZtkU7PazV7er6y8ZDt5DdhtKvIeOubyQcfNyGaVT13YuJ+NreFVBFedLsSs/k5BrIW13xo/LDMHH+w3e8TCB+saU/gpeb88FLCe7QGDpR3nMBfsbkuWnAFQx2DG+Vo+IruHmj5nuRaxOXMUSipQE3LXngiZQpb/Eb5RQc3EZsubkQfhWgK5sY0CsXz+7VpPTICWWzl1D4OgjI0uTPYQyrziEBV5Vcg2ahU7k72ZeT2atw2/0Z7YyI0QnUVfN3vuIS5yMtEazkubt//3idNzi6L9vgRCBa9yeodeouxxC4S131MRwCQ0XigyDQMnpWMEPII9MOvejdDXfjLPCbzOr+clRWiS6BaSggUUndiBx42b26irXNCiHyn0/DFcu5w=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM;
PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(38070700009); DIR:OUT;
SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: 3iJnNlHNx6IWooqyU+htqk40YvE9yYb/mfwwyKy3nWKOsWuZsFHK3aDb
n5IE7kXi4SuN5rkOLmIFWBcZIK0yuWZVQ4W5SAICher3CTP/0SUO5ANB
2lMKYaLV4zlhMeBb/lPOouIURZLxE3DFIG4JkaVVuqLlQ8xZ4Mes7SkA
Ey0dVV0CcD6Ga5zMkuJhw+uaLehr9hprgFzYlyr7OuYQcoDboXS+NsVv
7s5EwuEg8CuN6Fews9gbWtQIY5r7unEbEHOe2Y+SGOVYLG282ZQicMmB
AJb0jSXTgCUDemAzeB5JT8CpkFe0awhZw/YjTDlN9nsAWA4jNE/2QtEa
gG+VciVgOakHe2U7tvSL0fkNBMPc2ydP13dFeuLW6qa+lqM/vSXkjcOZ
JXPqcp9EYbU5cDF6WQZ+b8ATFy/b/E9I4CH/PaiBATJNORO4KxIbqrtN
f2SDqGek07XbSooW5nmvx0Q0FghD0pqt7bto75/39Chptn+1RglvN5wx
5NPpmsn7HcAYKCeTKJ9Ol8+rQExKO8iZKXov0wvKBaJ79qILpwNDaOyv
lYG1vhmlxirbrRZUDi32UmnNntDDtNizmMlU7AXVnbOYFQ8Z/iDHHBIK
eJ+R6x4sKZi7ytommK+h6YW5Yz59yWvaCu/7RVh6EjHD5VAjQT34kDXq
SOFeGann+aTSsAp8kCTNDGojBqTgEdItL/34HwyzcPbGFW+Rh152gyQI
ClLACG+NRRU24SrLtZejlrMC6rXSfW+pgfVGZss6Sa58VlXfsBdiy2R8
cGATNwRfMB8EOAhMdh5GrxO6PfAqK+h0ZiPJ/2oGg0FjeB5IyQzL0fLv
34A/5Ve8Iyz7ovww6bMH6OAi4Q4EYXRMYQCkC+34s7FvOiZ8myKkeWKj
OHJRnSWLhZ0Ze0oLl2cSNz86rTgi4ajrphi5mowmf1QIJi5VxUfk02vM
evLcawBZQVhrSGPF48sjEF202AbWcVN87qMppdtEygMfsRWXEyOL8lyZ
GUg38sonrXR+82+Lv2T6b7rrGUzbm8FHVde2jLM1v9B7gELZap8wLjRc
2Nxe4PmTTSHUNETwNcWvBXZnhK8FBUBJ+bBHTvaoasa8jGm2rLzgLicb
Ybl81Hiu6tzI0acrqh9w7skq639HpPvNNO1dlT6ZeI4ZSMRKN7IthETa
9Lr4c2LHKO4JQBw4ox8EeBeO4eHnT+ihDkNqpmlPlTVxxMBVh20s04k/
cts6DFdAirlh+euGthq05dCvXQ07n3GfI4ezuWUxU+I5wcoTmpdDYfY1
x9rcBA43LXaAV22HetNsBfM04lAlAzNcx8Zdwtzx3AVWGDxWI47kYA7V
kJUW8gYsZMRwQU21JGb4ypXdM1CT6Q+/hxHcFVwguDyduLHQhfXzTdUl
QqHZVvaWcccJaOvfQ2t8lWtFHtoRwIWRBC752OgzgSeCjHsgI6soUa4h
Pze68RCBAJAlzkg4dp+zR5SN0y/natRp3Sw0ZO45bvoPWGFl08OFr1jN
LZtifnxHf7xAV6ghfDfCqL5VMYrkw+Le8xMbM/s/Ds55Bhaxhg3bGc7C
CTQNMwL7t8allIvvihs7dxcrjHUr0d7160MlITD90GutsQoc4zQNE7yw
im8flJ3EeNqOinJQW2w=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YQXPR01MB6398
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CH3PEPF0000000C.namprd04.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CH3PEPF0000000C.namprd04.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 8ba5e2bb-8a0e-4494-f493-08dc43a74753
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: NOxlNwyVFN2pU+gKxsYODy1ryJJ2P4UWOuIa5UHXBh4nU3Y/YSft9UM64uuFy6uKh3bY6Ul0YAxJ5VuYJts5IMqCoLhocMCKfnz7y5J9SVtztIEKBTFb+63MDtqJ5YfgpdNazo7Wpv+1atLCm854sv0v7HKb+xY2AQN9Lzl/qgxmsPvUpQvVyvcd1X+FwGtACTRudJCu3Bf4i8FLfPQocLi/KKcJJF3BnI6UeNQpgoOjbbiSgaaRRk1IGqnUZPHv4ASVV3RCNkX9kd7qkgaB6WxWrLX+ZQPucIzYGmxbLls8ceyobsaWEXvkrpZBwCVSCJtaWr/L5WuwVa72Rpqe66eq2iAlSw8O3xBnOkmVGrjC6pDjP1Lhfhi+R5m0LsNXyM/Za7nae+K12sOqtxL3cc4pRIyL7DE1uVv7UHJrngH6vV5TBdvwuuY8pvMfgj1ASqN25rDqGCrAPOJrQaPzXquh56Pv/k9SIw7knXdjO3IPSU9Soue6YSbw0jD7zytUegViXV8+B1V3Swc1eFIbN/e+xXLk1ctBUoVBcwiBfYtjnn1PgiTX9pA6wxBUALFHDmXMvUZTLz3qqalDIIjp+wFVSQ7vyASmLGTqOfMly1MlFdFxE60cK+rvP2V5NnY+ehbw1MdCAoLBFmqfqOYjRWhd6OjqnErE1VUESiWVol4NwT2uTXNLu2P2dk1Kugrq
X-Forefront-Antispam-Report: CIP:40.107.116.108; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:CAN01-YQB-obe.outbound.protection.outlook.com;
PTR:mail-yqbcan01on2108.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(61400799018)(376005); DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2024 21:48:14.2355 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 374360a2-a680-4eaa-44dd-08dc43a74905
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000C.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR01MB7243
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YT3PR01MB105449454EF0C423AC36F0FE0FA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
X-Mailman-Original-References: <CD4C5157-C1DF-4AAB-9DA1-F54FEF928266@gmail.com>
<202403131416.42DEGRub016309@hedwig.cmf.nrl.navy.mil>
<581276BD-9D29-4D8C-A23E-8613493E378B@gmail.com>
<202403131452.42DEqTwP016604@hedwig.cmf.nrl.navy.mil>
<4DF7F808-676D-4226-AE6F-034995094DAC@gmail.com>
<202403131507.42DF7PwP016768@hedwig.cmf.nrl.navy.mil>
<31CAD52C-40A9-4C1B-B411-4957DB414ED3@gmail.com>
<202403131621.42DGLZEE017497@hedwig.cmf.nrl.navy.mil>
<08C219DB-7B64-48FD-A500-3A043BDED825@gmail.com>
<ff6b1159594ccac0297ddcda93901dab0f22e61d.camel@redhat.com>
<YT3PR01MB10544C62789ED6D2FAB75F26AFA2A2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
 by: Brent Kimberley - Wed, 13 Mar 2024 21:48 UTC

The site philosophy can be expressed as fail open / fail closed /fail safe / fail deadly...
________________________________
From: Brent Kimberley
Sent: Wednesday, March 13, 2024 5:41:58 PM
To: Simo Sorce <simo@redhat.com>; Yoann Gini <yoann.gini@gmail.com>; Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu <kerberos@mit.edu>
Subject: RE: Looking for a "Kerberos Router"?

To the best of my knowledge, all IPV6 ports should be closed by design and only opened if/when approved.

-----Original Message-----
From: Kerberos <kerberos-bounces@mit.edu> On Behalf Of Simo Sorce
Sent: Wednesday, March 13, 2024 4:48 PM
To: Yoann Gini <yoann.gini@gmail.com>; Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Subject: Re: Looking for a "Kerberos Router"?

[You don't often get email from simo@redhat.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

This is well tested:
https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flatchset%2Fkdcproxy&data=05%7C02%7Cbrent.kimberley%40durham.ca%7Cde3f8941d2b64fc0ec6f08dc439ee352%7C52d7c9c2d54941b69b1f9da198dc3f16%7C0%7C0%7C638459596905104881%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=4H0nZRxcUm0XdRKqLsydlI06oDz2pfHxBiKC7HxZmv4%3D&reserved=0<https://github.com/latchset/kdcproxy>

On Wed, 2024-03-13 at 17:32 +0100, Yoann Gini wrote:
>
> > Le 13 mars 2024 à 17:21, Ken Hornstein <kenh@cmf.nrl.navy.mil> a écrit :
> >
> > It does occur to me that maybe if you have different KDC hostnames
> > but the same IP address you could use TLS SNI or hostname routing
> > which you indicated you already use and maybe that would be simpler?
> > That presumes the client implementations set the SNI field (I see
> > that it does send a "Host" header, and it looks like MIT Kerberos
> > does set the SNI hostname).
>
> This is what I have in mind looking at the documentation of kkdcp (reading as exchanging here). Using SNI to select the KDC.
>
> I will give it a try, it looks like the option I need here.
>
> And yes, all of those complexities would have been avoided by network
> teams just supporting IPv6 and not blocking random ports for no reasons… ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail<https://mail/>
> man.mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=05%7C02%7Cbrent.kimbe
> rley%40durham.ca%7Cde3f8941d2b64fc0ec6f08dc439ee352%7C52d7c9c2d54941b6
> 9b1f9da198dc3f16%7C0%7C0%7C638459596905112923%7CUnknown%7CTWFpbGZsb3d8
> eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%7C&sdata=dZYepxHAXNhDO%2F4F%2FpLx7fDYgT6xEYGEKtjEK7l1H74%3D&res
> erved=0

--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman..mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=05%7C02%7Cbrent.kimberley%40durham.ca%7Cde3f8941d2b64fc0ec6f08dc439ee352%7C52d7c9c2d54941b69b1f9da198dc3f16%7C0%7C0%7C638459596905118780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=dzii88nyGoDkbNfjgCWFYvNUHCh%2B%2FiR4CIc%2FQggCEjs%3D&reserved=0<https://mailman.mit.edu/mailman/listinfo/kerberos>
THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor