[krbdev.mit.edu #3427] NAT causes password change to fail with Bad Address
nate.yocom@centrify.com via RT
rt-comment at krbdev.mit.edu
Fri Jan 27 23:02:57 EST 2006
When the kdc is behind a nat, the source address in the change password
packet sent to the client is incorrect (has the actual address, not the
nat'd address) - which causes krb5_rd_priv_basic() to fail with
KRB5KRB_AP_ERR_BADDADDR. This patch adds a krb5.conf option
"passwd_check_s_address" which when set to "no" disables this check,
allowing password changes through a NAT to succeed. All default
behavior is maintained when otherwise set to true (the default).
Nate Yocom
Senior Software Engineer
Centrify Corporation
425.462.5894
www.centrify.com
More information about the krb5-bugs
mailing list