[14511] in Kerberos
Re: Patch for making Kerberos work through Firewalls and NATs
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Wed May 30 13:55:26 2001
Message-Id: <200105301752.f4UHqJN225992@jurassic.eng.sun.com>
Date: Wed, 30 May 2001 13:55:21 -0400 (EDT)
From: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
Reply-To: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
To: kenh@cmf.nrl.navy.mil
Cc: kerberos@MIT.EDU
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: Uk2mtEGma/9+l3dNljT0gA==
Is there a fix/workaround or possible way to make forwarding
tickets through a NAT work?
I have a hacked up 'kinit' client that puts the NAT addr in the
AS_REQ (along with the hidden, local address) and I can get a TGT
from the KDC on the other side. But I can't seem to use that ticket
to authenticate to a telnet server on the opposite side - the server
rejects my authentication saying
"Read forwarded creds failed: Incorrect net address"
-wyllys
>To: "Michael Bischof" <mb@byteworks.ch>
>cc: kerberos@MIT.EDU
>Subject: Re: Patch for making Kerberos work through Firewalls and NATs
>Date: Wed, 30 May 2001 09:50:39 -0400
>From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>
>>> (Doesn't solve all of your problems, though).
>>
>>Which problems?
>
>Forwarding tickets through a NAT still doesn't work, IIRC. And ftp is
>a complete loss.
>
>--Ken