kprop trouble.

Tom Yu tlyu at MIT.EDU
Mon Apr 12 22:35:06 EDT 2004


>>>>> "nick" == Nick Palmer <nick at sluggardy.net> writes:

nick> Right, but does any other part of the protocol for kprop rely on
nick> not being NATed? My kpropd gets past the authentication step, as
nick> I turned on addressless tickets by default when I did the
nick> initial setup. It errors out receiving the database size, which
nick> made me wonder if there was something else going on. I will try
nick> moving the slave out in front of the firewall though and report
nick> back on what I find. It looks like I may have to dig through the
nick> kprop code to figure this one out though.

KRB-SAFE and KRB-PRIV messages (used in kprop) need to have the correct
sender's network addresses in them in order to protect from reflection
attacks.  NATs can interfere with this.

---Tom
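
Added example, not part of the message above and not MIT krb5 code: a simplified Python model of the sender-address check in an integrity-protected message, showing that the same comparison that rejects a reflected message also rejects a legitimate one whose sender sits behind a NAT. It assumes an HMAC in place of the Kerberos checksum, a JSON body in place of the real encoding, and constructed addresses and key; the function names are hypothetical.

```python
# Simplified model: NOT the Kerberos wire format and NOT the krb5 library API.
import hashlib
import hmac
import json

SESSION_KEY = b"constructed-session-key"  # constructed sample key


def make_safe(key, payload, s_address):
    """Sender: put its own view of its address inside the protected body."""
    body = json.dumps({"user_data": payload, "s_address": s_address}).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def read_safe(key, msg, observed_peer):
    """Receiver: verify the checksum, then compare the embedded sender
    address with the peer address actually seen on the connection."""
    body, tag = msg
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad checksum"
    if json.loads(body)["s_address"] != observed_peer:
        return "bad address"
    return "ok"


def scenarios():
    # Constructed addresses: the sender's own address, the other end of the
    # session, and the address a NAT in front of the sender presents.
    master, slave, nat = "10.0.0.5", "192.0.2.20", "198.51.100.1"
    msg = make_safe(SESSION_KEY, "database size", master)
    tampered = (msg[0].replace(b"size", b"SIZE"), msg[1])
    return {
        # No NAT: the receiver sees the address the sender embedded.
        "direct": read_safe(SESSION_KEY, msg, observed_peer=master),
        # Reflection: the sender gets its own message back on a session whose
        # peer is the slave; the key is valid but the address is its own.
        "reflected": read_safe(SESSION_KEY, msg, observed_peer=slave),
        # NAT: the receiver sees the translated address, not the embedded one.
        "nat": read_safe(SESSION_KEY, msg, observed_peer=nat),
        # Modified body: caught by the checksum before the address check.
        "tampered": read_safe(SESSION_KEY, tampered, observed_peer=master),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:10s} {result}")
```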

