NAT with 10.2 and krb5:login....
Everette Allen
Everette_Allen at ncsu.edu
Thu Oct 3 10:48:01 EDT 2002
Sorry I typed that wrong.
So the ticket format I am using is
host/myhost.mydomain.edu at MYREALM.NCSU.EDU
So maybe I missed what noaddresses = true does?
You are saying there is no effect on services that use host tickets by
changing the noaddresses setting?
Sam Hartman wrote:
>>>>>>"Everette" == Everette Allen <Everette_Allen at ncsu.edu> writes:
>>>>>
>
> Everette> So following the NAT discussion begs a question: In
> Everette> MacOSX if one places a v5 host entry in a local keytab
> Everette> file and has edu.mit.Kerberos with [libdefaults] with
> Everette> noaddresses = true what is the exact affect? Seems that
> Everette> either login from behind the NAT still would not work or
> Everette> the machine address value in the host/machine at realm
> Everette> ticket would be ignored... I know the security
> Everette> implications of not having a host entry in the keytab
>
> There is no address is host/machine at REALM, only a hostname and domain.
>
More information about the krbdev
mailing list