krb5-appl/1087: ftp clients can't connect to ftpd over a NAT

Donn Cave donn at
Wed Apr 17 14:34:01 EDT 2002

Quoth Sam Hartman <hartmans at>:
| >>>>> "Donn" == Donn Cave <donn at> writes:
|     Donn> A conservative policy for minor releases is a good thing in
|     Donn> general - I really hate it when every release, no matter how
|     Donn> minor, includes some gratuitous feature change!  But in
|     Donn> support of this request - how many sites out there aren't
|     Donn> going to need this patch?  Is there any site left in the
|     Donn> world that isn't stuck with at least some NAT users?  It's
|     Donn> broke, isn't it, and probably for the majority of sites?
| It's not even a bug fix.  I don't think you can realistically say that
| Kerberos has ever supported NAT for ftp even a little bit.  We'll add
| such support in the next major release.

That's good, hope that's soon.  It's awkward to have to direct people
towards solutions that involve patching the source.  From your perspective
I can see there might be a difference between recently broke and always
has been broken.

| Hopefully, soon, people will start using GSSAPI sftp and scp instead
| of ftp.

Really?  Is GSSAPI, Kerberos and ssh2 in less of a mess than I thought?
Our site does promote sftp, but specifically a Windows implementation
that we support with sshd2.  GSSAPI authentication is a long
ways off on either end.  Incentive to even look at GSSAPI capable
alternatives, even if there were any, would be minimal, since the
authentication issue is perceived to have been solved already by ssh

	Donn Cave, donn at

More information about the krbdev mailing list