All network traffic to KDC goes through the SOCKS4a proxy if it is configured.

This is deliberately kept simple -- and is not generalized to SOCKS4 or SOCKS5 or other types of proxies -- so it is easy to audit for network and DNS leaks. (SOCKS4 works in IP addresses, and so invites DNS leaks. SOCKS5 can be OK, if used judiciously, but takes more work to implement.)

This only affects krb5_sendto -- the other initiator of network traffic in libkrb5, krb5_change_password, will be fixed to respect socks4a_proxy in a subsequent commit.

XXX Need to figure out where the socks4a.c code should go.

fix https://github.com/heimdal/heimdal/issues/1151
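
The DNS-leak point in the commit message, shown as an added example (not code from this commit or from Heimdal's socks4a.c): a SOCKS4a CONNECT request carries the hostname itself behind the 0.0.0.x marker address, so the client never calls a resolver and the lookup happens at the proxy. The function names, the empty USERID and the 255-byte hostname limit are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS4_VERSION  4   /* VN field of a request */
#define SOCKS4_CONNECT  1   /* CD field: CONNECT */
#define SOCKS4_GRANTED  90  /* CD field of a reply: request granted */

/*
 * Build a SOCKS4a CONNECT request for host:port into buf.
 * Returns the request length, or 0 if the input is unusable.
 * The hostname is copied verbatim; no getaddrinfo()/gethostbyname()
 * call is made, which is what keeps the name off the local resolver.
 * (Hypothetical helper name; 255-byte limit is this example's choice.)
 */
size_t
socks4a_build_connect(uint8_t *buf, size_t buflen,
                      const char *host, uint16_t port)
{
    size_t hostlen, need;

    if (buf == NULL || host == NULL)
        return 0;
    hostlen = strlen(host);
    if (hostlen == 0 || hostlen > 255)
        return 0;
    need = 8 + 1 + hostlen + 1;  /* header, empty USERID, host + NUL */
    if (buflen < need)
        return 0;

    buf[0] = SOCKS4_VERSION;
    buf[1] = SOCKS4_CONNECT;
    buf[2] = (uint8_t)(port >> 8);    /* DSTPORT, network byte order */
    buf[3] = (uint8_t)(port & 0xff);
    buf[4] = 0; buf[5] = 0; buf[6] = 0;
    buf[7] = 1;                       /* DSTIP 0.0.0.1: "name follows" */
    buf[8] = 0;                       /* empty USERID, NUL-terminated */
    memcpy(buf + 9, host, hostlen + 1);
    return need;
}

/* Returns 1 if the 8-byte proxy reply grants the request, else 0. */
int
socks4a_reply_granted(const uint8_t *reply, size_t len)
{
    if (reply == NULL || len != 8)
        return 0;
    return reply[0] == 0 && reply[1] == SOCKS4_GRANTED;
}
```

When auditing for leaks, the property to check is that the only address the client ever resolves or connects to is the proxy's own; the KDC name should appear only inside this request.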