[14677] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: using Kerberos V5 with network address translation firewall?

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Jul 16 09:38:40 2001

From: jaltman@watsun.cc.columbia.edu (Jeffrey Altman)
Date: 16 Jul 2001 13:31:36 GMT
Message-ID: <9iuqbo$298$1@newsmaster.cc.columbia.edu>
To: kerberos@MIT.EDU

In article <xofr8vh6v67.fsf@blubb.pdc.kth.se>,
Johan Danielsson <joda@pdc.kth.se> wrote:
: Jeffrey Altman <jaltman@columbia.edu> writes:
: 
: It will work just as well if the kdc and the service is on different
: sides of the nat, that is not at all.
: 
: In the other configurations it works much better.
: 
: > So the often time suggested KDC solution is no better.
: 
: Than what?
: 
: /Johan

than adding addresses into the ticket from the client side.
NATs do not work well with embedded addresses. 

 Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 Beta available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 kermit-support@kermit-project.org          OpenSSL.  SSH soon to follow.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14677] in Kerberos

Re: using Kerberos V5 with network address translation firewall?

daemon@ATHENA.MIT.EDU (Jeffrey Altman)Mon Jul 16 09:38:40 2001

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Jul 16 09:38:40 2001