Misbehaving krb5 forwarding?
Russ Allbery
rra at stanford.edu
Tue Mar 30 21:14:23 EST 2004
Sam Hartman <hartmans at MIT.EDU> writes:
>>>>>> "Adar" == Adar Dembo <adar at stanford.edu> writes:
> Adar> I am behind a NAT network topology where one linux box
> Adar> contains two network cards and serves as a firewall for the
> Adar> other. The first (adar) has my real IP as well as 10.0.0.1,
> Adar> while the second (adard) has 10.0.0.2. The first is
> Adar> connected to the Internet via normal CAT5 Ethernet while the
> Adar> second is connected via an Ethernet crossover cable to the
> Adar> first.
> Adar> For some reason, my kerberos 5 ticket forwarding is
> Adar> misbehaving in conjunction with the MIT kerberos 1.2.8
> Adar> klogind server (this server lacks any special patches to the
> Adar> kerberos 5 handling). Here is some output from my machine
> Adar> that exhibit the problem:
> Upgrade to 1.3.2 or 1.3.3 (released soon) and use addressless tickets.
> You should see better behavior in this case.
Cool, thanks. I didn't know if this was a known bug. We're hoping to
move to 1.3.2 or 1.3.3, probably shortly after we finally manage to get a
K5 aklog working, so *maybe* this summer, more likely later in the year.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list