Password changing from behind a NAT
kenh at cmf.nrl.navy.mil
Mon Oct 20 10:38:36 EDT 2003
I'm wondering if anyone has noticed that password changing fails from behind
a NAT? This happens because the password changing protocol uses KRB_PRIV,
which requires a source address, which always ends up failing if you're
behind a NAT.
The only obvious solution I see is to make krb_rd_priv() ignore the source
address in a KRB_PRIV. Code-wise, this is easy; I'm just wondering if anyone
has any suggestions on the best way to do this in terms of the API.
More information about the krbdev