[14663] in Kerberos


Re: using Kerberos V5 with network address translation firewall?

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Jul 12 13:39:46 2001

Message-Id: <200107121734.f6CHYtM24965@ginger.cmf.nrl.navy.mil>
To: Donn Cave <donn@u.washington.edu>
cc: kerberos@MIT.EDU
In-reply-to: Your message of "12 Jul 2001 16:52:45 GMT."
             <9ikkkt$qce$1@nntp6.u.washington.edu> 
Date: Thu, 12 Jul 2001 13:34:53 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

>I understand that has been working for most applications.  The only
>problem seems to be ftp (Fetch), where GSS channel bindings bring
>the local address back to cause more trouble.  Would someone mind
>confirming that any GSS ftp client will necessarily have this problem,
>and it isn't something the application could handle?

As I understand it (when a similar issue came up before) .... channel
bindings are optional for ftp, and you can turn them off and still
be considered compliant with the spec.  I think that will require mods
on both current clients and servers, though.

--Ken
