Reverse-NATing Kerberos

Tillman Hodgson tillman at
Wed Sep 18 09:59:28 EDT 2002

On Wed, Sep 18, 2002 at 08:02:24AM -0400, Josh Huber wrote:
> Tillman Hodgson <tillman at> writes:
> > Are there any issues with reverse-NATing Kerberos (port 88 UDP)
> > connections from the Internet to an internal Kerberos server? For
> > example, is the source IP address embedded into the packet and thus
> > would cause NATing problems?
> I guess not, because I do this :)
> There are more issues with NAT on the client side, unless you request
> an addressless ticket. (kinit -A)

Excellent, the -A started me on a track where I think I've gotten this
bit of architecture figured out. Thanks :-)


When you do something, you should burn yourself completely, like a good
bonfire, leaving no trace of yourself.
	Shunryu Suzuki

More information about the Kerberos mailing list