fetch 4.0 with kerberos and apple airport network

Booker C. Bense bbense at networking.stanford.edu
Tue Sep 3 18:26:01 EDT 2002

On Tue, 3 Sep 2002, Miro Jurisic wrote:

> >krb_ignore_ip_address is a global compile time variable.
> >
> >- If you build your deamons with this turned off then most of the
> >evil NAT problems go away. My patch uses an env variable to turn
> >it on if you really need it. You can find it at
> No, they don't go away. Then you run into the direction bit problem,
> and you can't fix that without
> a. recompiling every client
> b. introducing a security hole
> Really, you should just give up, although it might be good for you to
> first read the relevant code on the client and understand how the
> direction bit works.

- Done. I've given up on kerberos. Sorry for spreading

- Booker C. Bense

More information about the krbdev mailing list