[clug] Kerberos through an SSH tunnel
Daniel Rose
drose at dtlm.homelinux.net
Mon Mar 7 23:06:49 MST 2011
Hi everyone,
This is a bit of a lazy email; I've only done a little research on this,
except to verify that that naive implementation won't work:
Suppose Kerberos works fine for
http://server.example.com/path/script.cgi on a network.
If you:
ssh localhost -L4545:server.example.com:80
Then visit
http://localhost:4545/path/script.cgi
...it asks for credentials, but they are never acceptable! I didn't
really expect it to work I suppose.
I can (and I admit should) go trawling through the kerberos specs and
see if I can use tricky hostnames, and capture traffic on 88 to try and
see what's happening, so as a lurker who doesn't attend meetings I'm not
asking for anyone else to do any grunt work for me.
Instead, I'd just like to know if anyone's encountered this before and
already found or made a workaround, or if someone's spent ages on it
already and determined that it's entirely impractical to try.
Any thoughts?
More information about the linux
mailing list