Password changing from behind a NAT

Nicolas Williams Nicolas.Williams at
Mon Oct 20 11:13:56 EDT 2003

On Mon, Oct 20, 2003 at 10:38:36AM -0400, Ken Hornstein wrote:
> I'm wondering if anyone has noticed that password changing fails from behind
> a NAT?  This happens because the password changing protocol uses KRB_PRIV,
> which requires a source address, which always ends up failing if you're
> behind a NAT.
> The only obvious solution I see is to make krb_rd_priv() ignore the source
> address in a KRB_PRIV.  Code-wise, this is easy; I'm just wondering if anyone
> has any suggestions on the best way to do this in terms of the API.

The fix is to use the directional HostAddress type that's in


More information about the krbdev mailing list