[OpenAFS] openafs, aklog, and NAT

Derek Atkins warlord@MIT.EDU
25 Sep 2001 11:00:11 -0400


How does aklog fail?

Note that krb5 does not deal well with NAT because of how IP Addresses
are encoded into tickets.  Krb4 does not have this problem; so if you
wind up using the v4 aklog it should work, however, v5 may fail to
actually obtain the tickets.

So, in what way does "kerberos" work on those machines behind NAT?
Yes, you can get your TGT, but can you get any OTHER service tickets?

-derek

"J. P. Mellor" <j.p.mellor@rose-hulman.edu> writes:

> We're running openafs with kerberos5/aklog.  I've got several machines
> behind a firewall box which does NAT for the internal network.  kerberos
> and openafs work fine, I just can't get aklog to get my afs token when
> it's NAT'd.  aklog works fine from the firewall machine.  Any
> suggestions on how to get aklog to work in a NAT environment?
> 
> Thanks,
> 
> jp
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available