I've been trying to get a working login to my server from behind a NAT-firewall, but I can't get any tokens with libpam-krb5. If I use "kinit -A user", then there's no problem getting tickets with aklog. But how do I tell the PAM-module to exclude the addresses when it tries to get a ticket? Any ideas? (or is this a common problem and I just haven't looked around enough?) /Daniel