kprop trouble.
Tom Yu
tlyu at MIT.EDU
Mon Apr 12 22:35:06 EDT 2004
>>>>> "nick" == Nick Palmer <nick at sluggardy.net> writes:
nick> Right, but does any other part of the protocol for kprop rely on
nick> not being NATed? My kpropd gets past the authentication step, as
nick> I turned on addressless tickets by default when I did the
nick> initial setup. It errors out recieving the database size, which
nick> made me wonder if there was something else going on. I will try
nick> moving the slave out in front of the firewall though and report
nick> back on what I find. It looks like I may have to dig through the
nick> kprop code to figure this one out though.
KRB-SAFE and KRB-PRIV messages (used in kprop) need to have a correct
sender's network addresses in them in order to protect from reflection
attacks. NATs can interfere with this.
---Tom
More information about the Kerberos
mailing list