Kerberos and firewalls

malon@MIT.EDU malon at MIT.EDU
Thu Sep 4 17:27:33 EDT 2003

When my laptop is on MITnet, I have no trouble using Kerberos for
Macintosh to obtain Kerberos tickets and authenticate myself.

When my laptop is on the MIT Math Department wireless network, it
sits behind a firewall which I believe implements IP masquerading.
It is impossible for me to obtain new tickets when I'm on this

Is there any way to circumvent this problem?  My understanding of
Kerberos is rather shallow, but why can't I basically forward my
old tickets from MITnet to myself, assigning them to my effective IP
address given by the firewall?

Is IP masquerading (as opposed to some other aspect of the firewall)
really the problem?

Thanks and best regards,
Christopher Malon

More information about the krbdev mailing list