Reverse-NATing Kerberos
Tillman Hodgson
tillman at seekingfire.com
Wed Sep 18 09:59:28 EDT 2002
On Wed, Sep 18, 2002 at 08:02:24AM -0400, Josh Huber wrote:
> Tillman Hodgson <tillman at seekingfire.com> writes:
>
> > Are there any issues with reverse-NATing Kerberos (port 88 UDP)
> > connections from the Internet to an internal Kerberos server? For
> > example, is the source IP address embedded into the packet and thus
> > would cause NATing problems?
>
> I guess not, because I do this :)
>
> There are more issues with NAT on the client side, unless you request
> an addressless ticket. (kinit -A)
Excellent, the -A started me on a track where I think I've gotten this
bit of architecture figured out. Thanks :-)
-T
--
When you do something, you should burn yourself completely, like a good
bonfire, leaving no trace of yourself.
Shunryu Suzuki
More information about the Kerberos
mailing list