[External] Re: kprop across NAT boundaries (patching privsafe)

Greg Hudson ghudson at mit.edu
Thu Jan 7 14:57:09 EST 2021

On 1/7/21 1:35 PM, Jorj Bauer wrote:
> It’s failing at the head of recv_database, where it tries to krb5_rd_safe().

It seems that k5_privsafe_check_addrs() checks the message r-address
against the list of local addresses if the auth context doesn't contain
a specific local address.  However, the r-address is optional (even if
the receiver's auth context does contain a local address), so we can
just modify kprop not to send it.

Please try this commit:


More information about the krbdev mailing list