Password changing from behind a NAT
kenh at cmf.nrl.navy.mil
Mon Oct 20 12:25:53 EDT 2003
>But wouldn't you have to also change the clients to ignore the
>HostAddress in the server's reply?
>From what I've seen, that's not required; the server's host address is
always correct when viewed from the client (at least in every NAT I've
ever seen), and it's my understanding that KRB_PRIV only requires the
destination address, so the reply should always "work". If I'm wrong
and I can't get around changing the client, then of course the obious
solution is to use directional addresses.
More information about the krbdev