Kerberos and NAT

Printable View

June 27th, 2003, 01:03 PM
R0n1n

Kerberos and NAT

Does anyone have any ideas on how I can get Kerberos to work with Network Address Translation? i.e. The users are behind a firewall which does NAT and want to connect to remote services using Keberos authentication. Oh, and this is using a hide NAT for a network, not a static NAT.

There are a couple of ideas out there but they all result in weakening the security (e.g. including the NAT address in the kerberos tickets IP list etc..)

Thanks
June 27th, 2003, 03:42 PM
Maestr0

Use Kerberos 5 witch can generate adressless tickets: kinit -A

-Maestr0
June 28th, 2003, 04:50 AM
br_fusion

I would use "fpipe" available at http://www.foundstone.com/index.htm?.../freetools.htm . So you can port forward to the specified computer/port. But if your behind a router, you will have to check your router man pages.

I'm interested in trying that new Kerberos.

All times are GMT +1. The time now is 06:57 AM.