Requesting use of addresses in forwardable tickets
Gary Grider
ggrider at lanl.gov
Thu Sep 12 16:06:01 EDT 2002
Thanks to all for the very lively discussion yesterday on getting forwarded
tickets to
be addressless. Having kinit do addressless and then when you forward
having the
addresses show up again is a real issue for us here at Los Alamos. In
trying to conserve
IP addresses, we are forced to put thousands of machines behind NAT's while
still trying to leverage our centralized security infrastructure. Many
people need to
ssh or ftp from behind a NAT to get to a centralized service. I understand
that having
addressfull tickets is necessary for some, but given an enormous
infrastructure with
several version of kerberized daemons, having the clients be able to both get
addressless tickets and forward them and have them remain addressless is
a real need for us.
I really hope that this "two line change", if it is that, can be made for
1.2.6.
That would really help us out in the weapons community where we are building
NAT's as fast as we can.
Thanks again for considering this need.
Gary Grider
Los Alamos High Performance Computing Environments
At 04:18 PM 9/11/02 -0500, Douglas E. Engert wrote:
>Sam Hartman wrote:
> >
> > I don't see why you want to change get_in_tkt.c; it is not in the code
> > path of fwd_tgt.c.
>
>Looks like you are right again. I could have sworn it was. It not been the
>best day.
>
>So is it down to a two line change?
>
>--
>
> Douglas E. Engert <DEEngert at anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
More information about the krbdev
mailing list