Misbehaving krb5 forwarding?

Russ Allbery rra at stanford.edu
Tue Mar 30 21:14:23 EST 2004


Sam Hartman <hartmans at MIT.EDU> writes:
>>>>>> "Adar" == Adar Dembo <adar at stanford.edu> writes:

>     Adar> I am behind a NAT network topology where one linux box
>     Adar> contains two network cards and serves as a firewall for the
>     Adar> other. The first (adar) has my real IP as well as 10.0.0.1,
>     Adar> while the second (adard) has 10.0.0.2. The first is
>     Adar> connected to the Internet via normal CAT5 Ethernet while the
>     Adar> second is connected via an Ethernet crossover cable to the
>     Adar> first.

>     Adar> For some reason, my kerberos 5 ticket forwarding is
>     Adar> misbehaving in conjunction with the MIT kerberos 1.2.8
>     Adar> klogind server (this server lacks any special patches to the
>     Adar> kerberos 5 handling). Here is some output from my machine
>     Adar> that exhibit the problem:

> Upgrade to 1.3.2 or 1.3.3 (released soon) and use addressless tickets.
> You should see better behavior in this case.

Cool, thanks.  I didn't know if this was a known bug.  We're hoping to
move to 1.3.2 or 1.3.3, probably shortly after we finally manage to get a
K5 aklog working, so *maybe* this summer, more likely later in the year.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list