can we FTP upload behind firewall and NAT

Markus Moeller huaraz at moeller.plus.com
Sun May 8 16:33:43 EDT 2005


Shih-Chieh

You can use it behind a firewall if you switch off the channel binding. If I 
remember right, the latest MIT sources don't use channel bindings anymore; 
Heimdal and proftpd with mod_gss have an option for the daemon to switch it 
off.

The other problem you may have is that the FW can't inspect the PORT/PASV 
command anymore to open the right ports of a stateful firewall and to 
replace ports if needed.

Regards
Markus

"Shih-Chieh Hsu" <schsu at fnal.gov> wrote in message 
news:427DBD95.5070906 at fnal.gov...
> Hi!
>
> Has anyone ever succeeded in uploading files to a kerberised server from
> a compute node behind a firewall and NAT?
>
> Here's the error message.
> 1.  I tried getting addressless credentials by doing 'kinit -n'.
> 2.  However, ftp gives me the following error.
> GSSAPI accepted as authentication type
> GSSAPI error major: Incorrect channel bindings were supplied
> GSSAPI error minor: No error
> GSSAPI error: accepting context
> GSSAPI ADAT failed
> GSSAPI authentication failed
> KERBEROS_V4 accepted as authentication type
> Kerberos V4 krb_mk_req failed: You have no tickets cached
> Name (fcdfdata114.fnal.gov:schsu): schsu
> Password:
> Login failed.
> Remote system type is UNIX.
> Using binary mode to transfer files.
>
>
> many thanks,
>
> Shih-Chieh
> PS: I've tried anonymous with passive mode, and that allows me to download files.
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
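
Why address-based channel bindings break behind NAT, as an added example that is not part of the original thread or of any Kerberos implementation. It hashes the bindings in the layout of RFC 1964 section 1.1.1; that the ftp client and daemon each fill the bindings from the addresses they see on the control socket is an assumption, and the addresses and function names are constructed for illustration.

```python
import hashlib
import socket
import struct

GSS_C_AF_INET = 2  # IPv4 address type from gssapi.h

# Constructed sample addresses (documentation/private ranges).
CLIENT_PRIVATE = "192.168.1.10"   # what the ftp client sees as its own address
NAT_PUBLIC = "203.0.113.7"        # what the server sees as the peer address
SERVER = "198.51.100.20"


def bnd_hash(bindings):
    """Return the 16-byte Bnd value for (initiator_ip, acceptor_ip) or None."""
    if bindings is None:                      # GSS_C_NO_BINDINGS
        return bytes(16)
    buf = b""
    for ip in bindings:
        addr = socket.inet_aton(ip)
        # addrtype and buffer length are 4-byte little-endian integers
        buf += struct.pack("<II", GSS_C_AF_INET, len(addr)) + addr
    buf += struct.pack("<I", 0)               # empty application_data: length only
    return hashlib.md5(buf).digest()


def acceptor_accepts(client_bnd, server_bindings):
    """Simplified acceptor check: skipped when the daemon passes no bindings."""
    if server_bindings is None:
        return True
    return client_bnd == bnd_hash(server_bindings)


def scenarios():
    direct = acceptor_accepts(bnd_hash((NAT_PUBLIC, SERVER)), (NAT_PUBLIC, SERVER))
    natted = acceptor_accepts(bnd_hash((CLIENT_PRIVATE, SERVER)), (NAT_PUBLIC, SERVER))
    daemon_off = acceptor_accepts(bnd_hash((CLIENT_PRIVATE, SERVER)), None)
    return {"direct": direct, "behind_nat": natted, "bindings_off_at_daemon": daemon_off}


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'context accepted' if ok else 'Incorrect channel bindings'}")
```

The `behind_nat` case fails because the initiator address the client hashed is not the one the server sees, which matches the "Incorrect channel bindings were supplied" error in the quoted session.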