-
+

HTTPS proxy configuration

In addition to being able to use UDP or TCP to communicate directly with a KDC as is outlined in RFC4120, and with kpasswd services in a @@ -78,14 +69,14 @@ and servers.

An HTTPS proxy server is provided as a feature in some versions of Microsoft Windows Server, and a WSGI implementation named kdcproxy is available in the python package index.

-
+

Configuring the clients

To use an HTTPS proxy, a client host must trust the CA which issued that proxy’s SSL certificate. If that CA’s certificate is not in the system-wide default set of trusted certificates, configure the following relation in the client host’s krb5.conf file in the appropriate [realms] subsection:

-
http_anchors = FILE:/etc/krb5/cacert.pem
+
http_anchors = FILE:/etc/krb5/cacert.pem
 

Adjust the pathname to match the path of the file which contains a @@ -94,21 +85,23 @@ more fully in krb5.conf file in the form of HTTPS URLs for the proxy server:

-
kdc = https://server.fqdn/KdcProxy
+
kdc = https://server.fqdn/KdcProxy
 kpasswd_server = https://server.fqdn/KdcProxy
 

If the proxy and client are properly configured, client commands such -as kinit, kvno, and kpasswd should all function normally.

-
-
+as kinit, kvno, and kpasswd should all function normally.

+
+
+
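Review bot: in the hunk at @@ -78,14 +69,14 @@, the http_anchors paragraph tells the reader which CA file to configure but says nothing about protecting it. The contents of `FILE:/etc/krb5/cacert.pem` decide which proxy certificate the client will accept, so suggest adding a sentence that the file should be writable only by the administrator. The same paragraph says "SSL certificate"; "TLS certificate" is the current term. The removed and added `http_anchors = FILE:/etc/krb5/cacert.pem` lines read identically here, so if the change is markup-only, it is worth saying so in the change description.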
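Review bot: in the hunk at @@ -94,21 +85,23 @@, the closing sentence ("client commands such as kinit, kvno, and kpasswd should all function normally") gives the reader no way to confirm that requests actually reached the HTTPS proxy. Suggest adding a verification hint, for example running kinit with the KRB5_TRACE environment variable set and checking that the trace shows the `https://server.fqdn/KdcProxy` address. The hunk also ends with two removed and three added lines that carry no visible text and grows from 21 to 23 lines; if those are whitespace-only, drop them from the patch.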