[clug] Kerberos through an SSH tunnel

Daniel Rose drose at dtlm.homelinux.net
Mon Mar 7 23:06:49 MST 2011

Hi everyone,

This is a bit of a lazy email; I've only done a little research on this,
except to verify that that naive implementation won't work:

Suppose Kerberos works fine for
http://server.example.com/path/script.cgi on a network.

If you:

ssh localhost -L4545:server.example.com:80

Then visit


...it asks for credentials, but they are never acceptable!  I didn't
really expect it to work I suppose.

I can (and I admit should) go trawling through the kerberos specs and
see if I can use tricky hostnames, and capture traffic on 88 to try and
see what's happening, so as a lurker who doesn't attend meetings I'm not
asking for anyone else to do any grunt work for me.

Instead, I'd just like to know if anyone's encountered this before and
already found or made a workaround, or if someone's spent ages on it
already and determined that it's entirely impractical to try.

Any thoughts?

More information about the linux mailing list