Misbehaving krb5 forwarding?

Sam Hartman hartmans at MIT.EDU
Tue Mar 30 15:47:53 EST 2004


>>>>> "Adar" == Adar Dembo <adar at stanford.edu> writes:

    Adar> I am behind a NAT network topology where one linux box
    Adar> contains two network cards and serves as a firewall for the
    Adar> other. The first (adar) has my real IP as well as 10.0.0.1,
    Adar> while the second (adard) has 10.0.0.2. The first is
    Adar> connected to the Internet via normal CAT5 Ethernet while the
    Adar> second is connected via an Ethernet crossover cable to the
    Adar> first.

    Adar> For some reason, my kerberos 5 ticket forwarding is
    Adar> misbehaving in conjunction with the MIT kerberos 1.2.8
    Adar> klogind server (this server lacks any special patches to the
    Adar> kerberos 5 handling). Here is some output from my machine
    Adar> that exhibit the problem:

Upgrade to 1.3.2 or 1.3.3 (released soon) and use addressless tickets.
You should see better behavior in this case.



More information about the Kerberos mailing list