Password changing from behind a NAT
Nicolas Williams
Nicolas.Williams at sun.com
Mon Oct 20 11:13:56 EDT 2003
On Mon, Oct 20, 2003 at 10:38:36AM -0400, Ken Hornstein wrote:
> I'm wondering if anyone has noticed that password changing fails from behind
> a NAT? This happens because the password changing protocol uses KRB_PRIV,
> which requires a source address, which always ends up failing if you're
> behind a NAT.
>
> The only obvious solution I see is to make krb_rd_priv() ignore the source
> address in a KRB_PRIV. Code-wise, this is easy; I'm just wondering if anyone
> has any suggestions on the best way to do this in terms of the API.
The fix is to use the directional HostAddress type that's in
clarifications.
Nico
--
More information about the krbdev
mailing list