[External] Re: kprop across NAT boundaries (patching privsafe)
ghudson at mit.edu
Thu Jan 7 14:57:09 EST 2021
On 1/7/21 1:35 PM, Jorj Bauer wrote:
> It’s failing at the head of recv_database, where it tries to krb5_rd_safe().
It seems that k5_privsafe_check_addrs() checks the message r-address
against the list of local addresses if the auth context doesn't contain
a specific local address. However, the r-address is optional (even if
the receiver's auth context does contain a local address), so we can
just modify kprop not to send it.
Please try this commit:
More information about the krbdev