PKINIT and NAT
Douglas E. Engert
deengert at anl.gov
Thu May 5 11:36:57 EDT 2011
On 5/4/2011 10:33 PM, Bram Cymet wrote:
> Hi,
>
> I am having this odd problem where if I do a kinit from behind a NAT
> with a password it works just fine. However, if I use certs with pkinit
> then I can see all the verification being done and I can see the server
> granting the ticket but then when it goes to send back the ticket to the
> client it can't reach the client any more and fails.
>
> Is this a known problem? Is there anything I can do to fix it?

Is this some UDP timeout issue or UDP vs TCP issue?
In the krb5.conf file you can force TCP with:

  udp_preference_limit = 1

>
> Thanks,
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
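
Added example, not part of the original message and not code from any Kerberos project: a small Python check of how the udp_preference_limit setting suggested above, which goes in the [libdefaults] section of krb5.conf, decides whether a request is tried over TCP or UDP first. It assumes MIT krb5 behaviour (built-in default of 1465 bytes, TCP first when the request is larger than the limit); the sample configs, realm name and request sizes are constructed, and include directives are not handled.

```python
import re

DEFAULT_UDP_PREFERENCE_LIMIT = 1465  # MIT krb5 built-in default, in bytes

# Constructed sample configs (hypothetical realm and KDC names).
CONF_DEFAULT = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
    }
"""
CONF_FORCE_TCP = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    ; every request larger than 1 byte is tried over TCP first
    udp_preference_limit = 1
"""

def udp_preference_limit(conf_text):
    """Return udp_preference_limit from [libdefaults], or the default."""
    section, depth = None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            section = header.group(1)     # new top-level section
        elif line.endswith("{"):
            depth += 1                    # entering a nested subsection
        elif line.startswith("}"):
            depth = max(depth - 1, 0)     # leaving a nested subsection
        elif section == "libdefaults" and depth == 0:
            key, sep, value = line.partition("=")
            if sep and key.strip() == "udp_preference_limit":
                return int(value.strip())  # first occurrence wins
    return DEFAULT_UDP_PREFERENCE_LIMIT

def first_transport(conf_text, request_bytes):
    """Transport the client tries first for a request of this size."""
    limit = udp_preference_limit(conf_text)
    return "tcp" if request_bytes > limit else "udp"

if __name__ == "__main__":
    for size in (200, 1400, 3000):        # constructed request sizes
        print(size, first_transport(CONF_DEFAULT, size),
              first_transport(CONF_FORCE_TCP, size))
```

The setting only changes which transport the client tries first, so the KDC must also be listening on TCP port 88 and the NAT or firewall must pass it.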