fetch 4.0 with kerberos and apple airport network
Booker C. Bense
bbense at networking.stanford.edu
Tue Sep 3 18:26:01 EDT 2002
On Tue, 3 Sep 2002, Miro Jurisic wrote:
> >krb_ignore_ip_address is a global compile time variable.
> >
> >- If you build your deamons with this turned off then most of the
> >evil NAT problems go away. My patch uses an env variable to turn
> >it on if you really need it. You can find it at
>
> No, they don't go away. Then you run into the direction bit problem,
> and you can't fix that without
>
> a. recompiling every client
> b. introducing a security hole
>
> Really, you should just give up, although it might be good for you to
> first read the relevant code on the client and understand how the
> direction bit works.
>
- Done. I've given up on kerberos. Sorry for spreading
mis-information.
- Booker C. Bense
More information about the krbdev
mailing list