Set udp_preference_limit[1] to 1 in krb5.conf to force the use of TCP?
Then something like tsocks to force kinit to go through SOCKS, since I
don't see a way to configure a SOCKS proxy for Kerberos.
--Quentin
[1] https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#libdefaults
On Mon, 22 Jul 2019, Randall Sindlinger wrote:
Hello,
I am already using openconnect with ocproxy, setting up a SOCKS5 proxy.
I'd like to do Kerberos authentication through the proxy (to a KDC that is on the VPN). However, ocproxy does not support forwarding UDP traffic.
Do you have any suggestions on how I might be able to do Kerberos through openconnect? It supports using an HTTPS proxy, but I'm currently at a loss for how to make that work in conjunction with openconnect.
Thanks,
-Randall
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
