Results 1 to 3 of 3

Thread: Kerberos and NAT

  1. #1
    Senior Member
    Join Date
    Oct 2002

    Kerberos and NAT

    Does anyone have any ideas on how I can get Kerberos to work with Network Address Translation? i.e. The users are behind a firewall which does NAT and want to connect to remote services using Keberos authentication. Oh, and this is using a hide NAT for a network, not a static NAT.

    There are a couple of ideas out there but they all result in weakening the security (e.g. including the NAT address in the kerberos tickets IP list etc..)

    Quis custodiet ipsos custodes

  2. #2
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Use Kerberos 5 witch can generate adressless tickets: kinit -A

    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  3. #3
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    I would use "fpipe" available at http://www.foundstone.com/index.htm?.../freetools.htm . So you can port forward to the specified computer/port. But if your behind a router, you will have to check your router man pages.

    I'm interested in trying that new Kerberos.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts