NAT with 10.2 and krb5:login....

Everette Allen Everette_Allen at
Thu Oct 3 10:48:01 EDT 2002

Sorry I typed that wrong.
So the ticket format I am using is

So maybe I missed what noaddresses = true does?
You are saying there is no effect on services that use host tickets by 
changing the noaddresses setting?

Sam Hartman wrote:
>>>>>>"Everette" == Everette Allen <Everette_Allen at> writes:
>     Everette> So following the NAT discussion begs a question: In
>     Everette> MacOSX if one places a v5 host entry in a local keytab
>     Everette> file and has with [libdefaults] with
>     Everette> noaddresses = true what is the exact affect?  Seems that
>     Everette> either login from behind the NAT still would not work or
>     Everette> the machine address value in the host/machine at realm
>     Everette> ticket would be ignored...  I know the security
>     Everette> implications of not having a host entry in the keytab
> There is no address is host/machine at REALM, only a hostname and domain.

More information about the krbdev mailing list