Password changing from behind a NAT

Ken Hornstein kenh at
Mon Oct 20 12:25:53 EDT 2003

>But wouldn't you have to also change the clients to ignore the
>HostAddress in the server's reply?

>From what I've seen, that's not required; the server's host address is
always correct when viewed from the client (at least in every NAT I've
ever seen), and it's my understanding that KRB_PRIV only requires the
destination address, so the reply should always "work".  If I'm wrong
and I can't get around changing the client, then of course the obious
solution is to use directional addresses.


More information about the krbdev mailing list