NAT with 10.2 and krb5:login....
warlord at MIT.EDU
Thu Oct 3 11:13:01 EDT 2002
Everette Allen <Everette_Allen at ncsu.edu> writes:
> Sorry I typed that wrong.
> So the ticket format I am using is
> host/myhost.mydomain.edu at MYREALM.NCSU.EDU
> So maybe I missed what noaddresses = true does?
> You are saying there is no effect on services that use host tickets by
> changing the noaddresses setting?
The noaddress = true means the _client_ will not ask for IP addresses
in the TGT or service tickets. It has nothing to do with the keytab.
> Sam Hartman wrote:
> >>>>>>"Everette" == Everette Allen <Everette_Allen at ncsu.edu> writes:
> > Everette> So following the NAT discussion begs a question: In
> > Everette> MacOSX if one places a v5 host entry in a local keytab
> > Everette> file and has edu.mit.Kerberos with [libdefaults] with
> > Everette> noaddresses = true what is the exact affect? Seems that
> > Everette> either login from behind the NAT still would not work or
> > Everette> the machine address value in the host/machine at realm
> > Everette> ticket would be ignored... I know the security
> > Everette> implications of not having a host entry in the keytab
> > There is no address is host/machine at REALM, only a hostname and
> > domain.
> krbdev mailing list krbdev at mit.edu
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the krbdev