Requesting use of addresses in forwardable tickets

Gary Grider ggrider at
Thu Sep 12 16:06:01 EDT 2002

Thanks to all for the very lively discussion yesterday on getting forwarded 
tickets to
be addressless.  Having kinit do addressless and then when you forward 
having the
addresses show up again is a real issue for us here at Los Alamos.  In 
trying to conserve
IP addresses, we are forced to put thousands of machines behind NAT's while
still trying to leverage our centralized security infrastructure.  Many 
people need to
ssh or ftp from behind a NAT to get to a centralized service.  I understand 
that having
addressfull tickets is necessary for some, but given an enormous 
infrastructure with
several version of kerberized daemons, having the clients be able to both get
addressless tickets and forward them and have them remain addressless is
a real need for us.
I really hope that this "two line change", if it is that, can be made for 
That would really help us out in the weapons community where we are building
NAT's as fast as we can.

Thanks again for considering this need.
Gary Grider
Los Alamos High Performance Computing Environments

At 04:18 PM 9/11/02 -0500, Douglas E. Engert wrote:

>Sam Hartman wrote:
> >
> > I don't see why you want to change get_in_tkt.c; it is not in the code
> > path of fwd_tgt.c.
>Looks like you are right again. I could have sworn it was. It not been the 
>best day.
>So is it down to a two line change?
>  Douglas E. Engert  <DEEngert at>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444

More information about the krbdev mailing list