kpasswd: Failed decrypting request
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Aug 18 10:51:42 EDT 2006
>> If there are no plans to fix it (or it can't be fixed)... is there any
>> possibility the error message could be a bit more descriptive?
>>
>> I'm trying to deploy Kerberos to a large number of users, many will be
>> accessing our systems via the VPN and I'm sure this will be an issue.
>
>You cannot use the MIT kpasswd through a NAT. The IP address of the
>client as seen by the server must match the one the client sees.
>
>When the IETF completes the new set/change password protocol I'm sure
>that MIT will consider implementing it.
If you can't wait for that, fixing the current server to work when the
client is behind a NAT is only about 20-30 lines of code. I believe the
mailing list archives would show you the different solutions various
people have come up with.
--Ken