[External] Re: kprop across NAT boundaries (patching privsafe)
Greg Hudson
ghudson at mit.edu
Thu Jan 7 14:57:09 EST 2021
On 1/7/21 1:35 PM, Jorj Bauer wrote:
> It’s failing at the head of recv_database, where it tries to krb5_rd_safe().
It seems that k5_privsafe_check_addrs() checks the message r-address
against the list of local addresses if the auth context doesn't contain
a specific local address. However, the r-address is optional (even if
the receiver's auth context does contain a local address), so we can
just modify kprop not to send it.
Please try this commit:
https://github.com/greghudson/krb5/commit/f1f5b5eed3ef0779225ada6ab4f092b5267f1398
More information about the krbdev
mailing list