can we FTP upload behind firewall and NAT
Markus Moeller
huaraz at moeller.plus.com
Sun May 8 16:33:43 EDT 2005
Shih-Chieh,

You can use it behind a firewall if you switch off the channel binding. If I
remember right, the latest MIT sources don't use channel bindings anymore,
Heimdal and proftpd with mod_gss have an option for the daemon to switch it
off.

The other problem you may have is that the FW can't inspect the PORT/PASV
command anymore to open the right ports of a stateful firewall and to
replace ports if needed.

Regards
Markus

"Shih-Chieh Hsu" <schsu at fnal.gov> wrote in message
news:427DBD95.5070906 at fnal.gov...
> Hi!
>
> Has anyone ever succeeded in uploading files to a kerberised server from
> a compute node behind a firewall and NAT?
>
> Here's the error message.
> 1. I tried getting addressless credentials by doing 'kinit -n'.
> 2. However, ftp gives me the following error.
> GSSAPI accepted as authentication type
> GSSAPI error major: Incorrect channel bindings were supplied
> GSSAPI error minor: No error
> GSSAPI error: accepting context
> GSSAPI ADAT failed
> GSSAPI authentication failed
> KERBEROS_V4 accepted as authentication type
> Kerberos V4 krb_mk_req failed: You have no tickets cached
> Name (fcdfdata114.fnal.gov:schsu): schsu
> Password:
> Login failed.
> Remote system type is UNIX.
> Using binary mode to transfer files.
>
>
> many thanks,
>
> Shih-Chieh
> PS: I've tried it, and anonymous with passive mode allows me to download a file.
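
Why the channel bindings break behind NAT, as an added example that is not part of the original post or of any Kerberos implementation: GSSAPI FTP (RFC 2228) binds the context to the control connection's IP addresses, and the krb5 mechanism carries an MD5 of those bindings (RFC 1964, section 1.1.1) that the server recomputes from the addresses it sees. The addresses, the `scenario` helper and the `enforce` switch (standing in for the daemon option mentioned above) are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

GSS_C_AF_INET = 2  # GSS-API address type for IPv4


def bindings_hash(initiator_ip, acceptor_ip, app_data=b""):
    """MD5 over the channel bindings in RFC 1964 layout:
    4-byte little-endian integers, length-prefixed addresses."""
    ini = socket.inet_aton(initiator_ip)
    acc = socket.inet_aton(acceptor_ip)
    buf = b"".join([
        struct.pack("<I", GSS_C_AF_INET), struct.pack("<I", len(ini)), ini,
        struct.pack("<I", GSS_C_AF_INET), struct.pack("<I", len(acc)), acc,
        struct.pack("<I", len(app_data)), app_data,
    ])
    return hashlib.md5(buf).digest()


def acceptor_check(token_bnd, peer_ip, local_ip, enforce=True):
    """Simplified model of the server side: recompute the hash from the
    addresses of the control connection and compare with the token's."""
    if not enforce:  # daemon configured to ignore channel bindings
        return "GSS_S_COMPLETE"
    expected = bindings_hash(peer_ip, local_ip)
    if hmac.compare_digest(token_bnd, expected):
        return "GSS_S_COMPLETE"
    return "GSS_S_BAD_BINDINGS"  # "Incorrect channel bindings were supplied"


def scenario(client_ip, nat_ip, server_ip, enforce=True):
    """Client hashes its own local address; the server sees the NAT
    address (if any) as the peer of the control connection."""
    token_bnd = bindings_hash(client_ip, server_ip)
    peer_ip = nat_ip or client_ip
    return acceptor_check(token_bnd, peer_ip, server_ip, enforce)


if __name__ == "__main__":
    # Constructed addresses: RFC 1918 client, RFC 5737 documentation ranges.
    print("direct :", scenario("10.0.0.5", None, "198.51.100.20"))
    print("NAT    :", scenario("10.0.0.5", "192.0.2.10", "198.51.100.20"))
    print("NAT/off:", scenario("10.0.0.5", "192.0.2.10", "198.51.100.20",
                               enforce=False))
```

The mismatch is independent of the ticket itself, which is why addressless credentials do not change the outcome in this model.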