krb5-appl/1087: ftp clients can't connect to ftpd over a NAT
smch@midway.uchicago.edu
Thu Apr 11 11:54:04 EDT 2002
>Number: 1087
>Category: krb5-appl
>Synopsis: ftp clients can't connect to ftpd over a NAT
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Apr 11 11:55:00 EDT 2002
>Last-Modified:
>Originator: Steven Michaud
>Organization:
University of Chicago
Networking Services and Information Technologies
>Release: krb5-1.2.4
>Environment:
System: SunOS kilroy.uchicago.edu 5.8 Generic_108529-13 i86pc i386 i86pc
Architecture: i86pc
>Description:
If you try to connect to the MIT ftpd from a client that's connected
over a NAT server, the connection always fails. This is true even if
you're using addressless tickets. The message "failed accepting
context" appears in the system log of the server.
>How-To-Repeat:
See "Description"
>Fix:
Either of the two fixes contained in my message of 4-10-2002 to the
krbdev list (number 7042) would work. So would Sam Hartman's
suggestion (4-11, number 7046) to simply turn off all address checking
in ftpd (presumably by having it always specify
GSS_C_NO_CHANNEL_BINDINGS to gss_accept_context()). Sam Hartman's
suggestion is much simpler, and I actually now prefer it to either of
my own.
>Audit-Trail:
>Unformatted:
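The address check this report refers to, modelled as an added example (not code from the report or from MIT krb5): the Kerberos GSS-API mechanism (RFC 1964, restated in RFC 4121) puts an MD5 hash of the initiator and acceptor addresses into the context token, separately from any addresses in the ticket. Assumptions: each side fills the bindings from its own view of the control connection, an acceptor passing GSS_C_NO_CHANNEL_BINDINGS skips the comparison (as the suggested fix presumes), and all IP addresses are constructed.

```python
import hashlib
import socket
import struct

GSS_C_AF_INET = 2  # address-type constant from the GSS-API C bindings


def bnd_hash(initiator_ip, acceptor_ip, app_data=b""):
    """MD5 over the channel-bindings struct: 4-byte little-endian integers,
    every length field included, fields in the order the mechanism defines."""
    ini = socket.inet_aton(initiator_ip)
    acc = socket.inet_aton(acceptor_ip)
    blob = (struct.pack("<II", GSS_C_AF_INET, len(ini)) + ini
            + struct.pack("<II", GSS_C_AF_INET, len(acc)) + acc
            + struct.pack("<I", len(app_data)) + app_data)
    return hashlib.md5(blob).digest()


def acceptor_check(token_bnd, acceptor_bindings):
    """Simplified acceptor-side comparison (a model, not MIT's code).
    acceptor_bindings is None for GSS_C_NO_CHANNEL_BINDINGS, which this
    model treats as 'skip the check' (assumption, see lead-in)."""
    if acceptor_bindings is None:
        return True
    return token_bnd == bnd_hash(*acceptor_bindings)


def simulate(client_local_ip, ip_seen_by_server, server_ip, check_addresses=True):
    # Client hashes the address of its own end of the control socket.
    token_bnd = bnd_hash(client_local_ip, server_ip)
    # Server hashes the peer address it observes (the NAT's outside address).
    bindings = (ip_seen_by_server, server_ip) if check_addresses else None
    return acceptor_check(token_bnd, bindings)


if __name__ == "__main__":
    # Constructed addresses from private and documentation ranges.
    print("direct:          ", simulate("198.51.100.7", "198.51.100.7", "203.0.113.5"))
    print("via NAT:         ", simulate("192.168.1.10", "198.51.100.1", "203.0.113.5"))
    print("NAT, no bindings:", simulate("192.168.1.10", "198.51.100.1", "203.0.113.5", False))
```

Dropping the bindings on the acceptor removes the check that ties the context token to the addresses of the control connection, which is the trade-off behind the simpler fix.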