NAT with 10.2 and krb5:login....

Derek Atkins warlord at MIT.EDU
Thu Oct 3 11:13:01 EDT 2002

Everette Allen <Everette_Allen at> writes:

> Sorry I typed that wrong.
> So the ticket format I am using is
> So maybe I missed what noaddresses = true does?
> You are saying there is no effect on services that use host tickets by
> changing the noaddresses setting?

The noaddress = true means the _client_ will not ask for IP addresses
in the TGT or service tickets.  It has nothing to do with the keytab.


> Sam Hartman wrote:
> >>>>>>"Everette" == Everette Allen <Everette_Allen at> writes:
> >>>>>
> >     Everette> So following the NAT discussion begs a question: In
> >     Everette> MacOSX if one places a v5 host entry in a local keytab
> >     Everette> file and has with [libdefaults] with
> >     Everette> noaddresses = true what is the exact affect?  Seems that
> >     Everette> either login from behind the NAT still would not work or
> >     Everette> the machine address value in the host/machine at realm
> >     Everette> ticket would be ignored...  I know the security
> >     Everette> implications of not having a host entry in the keytab
> > There is no address is host/machine at REALM, only a hostname and
> > domain.
> >
> _______________________________________________
> krbdev mailing list             krbdev at

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list