Closed bivald closed 9 months ago
As always, the hour after you wrote a ticket you figure something out. In my case, I solved it by figuring out all of the SRV records, using:
nslookup -type=SRV _kerberos._tcp.$realm.com
Then add those to vpn-slice, then I added a /etc/krb5.conf file and specified those hostnames instead of using DNS lookup.
Maybe this can help someone else :)
Offer for beer/donation still stands, but I need a way to send it (paypal?)
> As always, the hour after you wrote a ticket you figure something out. In my case, I solved it by figuring out all of the SRV records, using:
> nslookup -type=SRV _kerberos._tcp.$realm.com
> Then add those to vpn-slice, …
That is a really excellent finding, actually. :exploding_head:
Perhaps vpn-slice should have an --lookup-and-route-kerberos REALM option, to do this automatically?
If @bivald or anyone else is interested in working on a PR for it, I'd be delighted. :star_struck:
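The workaround described in the comment above (collect the `_kerberos._tcp` SRV targets, route them through vpn-slice, and pin them in `/etc/krb5.conf` instead of relying on DNS lookup) can be sketched as follows. This is an added example, not code from the thread or from vpn-slice; the realm `example.com`, the `dc*` hosts, the sample nslookup output, and the helper names `parse_srv` and `krb5_conf` are all constructed for illustration.

```python
import re

# Constructed sample of `nslookup -type=SRV _kerberos._tcp.example.com` output
# (example.com and the dc* hosts are placeholders, not values from the thread).
SAMPLE = """\
Server:         10.0.0.1
Address:        10.0.0.1#53

_kerberos._tcp.example.com      service = 0 100 88 dc2.example.com.
_kerberos._tcp.example.com      service = 0 100 88 dc1.example.com.
_kerberos._tcp.example.com      service = 10 100 88 DC3.example.com.
"""

# nslookup prints SRV data as: service = <priority> <weight> <port> <target>
SRV_LINE = re.compile(r"service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)")


def parse_srv(text):
    """Return unique (host, port) pairs, lowest SRV priority first."""
    seen = {}
    for line in text.splitlines():
        m = SRV_LINE.search(line)
        if not m:
            continue
        prio, _weight, port, target = m.groups()
        key = (target.rstrip(".").lower(), int(port))
        seen[key] = min(int(prio), seen.get(key, int(prio)))
    return sorted(seen, key=lambda k: (seen[k], k))


def krb5_conf(realm, kdcs):
    """Render a krb5.conf that pins the KDCs so no SRV lookup is needed."""
    if not kdcs:
        raise ValueError("no KDCs found; was the SRV lookup run while on the VPN?")
    realm = realm.upper()
    lines = ["[libdefaults]", f"    default_realm = {realm}",
             "    dns_lookup_kdc = false", "", "[realms]", f"    {realm} = {{"]
    lines += [f"        kdc = {host}:{port}" for host, port in kdcs]
    lines += ["    }", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    kdcs = parse_srv(SAMPLE)
    print("hosts to route:", " ".join(host for host, _ in kdcs))
    print(krb5_conf("example.com", kdcs))
```

The printed host list is what would be passed to vpn-slice so the KDCs are routed over the tunnel; the rendered text is what would go into `/etc/krb5.conf`.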
Hi,
First of all - thank you, VPN-Slice is very handy (and I would love to buy you a beer/donate a small amount if you would take it). Has anyone any experience with running Kerberos SSO over VPN-Slice? Kerberos is a little bit of a black box to me, but it looks like it uses SRV records to look up things. I've tried adding a lot of _kerberos._tcp.$real.com but to no avail, also looks to be using UDP by default. I'll keep digging and update this ticket if I find some way to make it happen :)
Regards, Niklas