[4268] in Kerberos
"Incorrect network address" Anybody fix this in V4? Is it
daemon@ATHENA.MIT.EDU (snow)
Thu Dec 1 18:48:29 1994
To: kerberos@MIT.EDU
Date: 1 Dec 1994 22:56:46 GMT
From: snow@zso.dec.om (snow)
Problem in a few sentences:
We have a problem with our kerberos clients having 2 ip address's.
kinit (port 750 for kerberos) goes out one ip address imbedding that
ip address in the ticket. Our kerberos application (using port 548)
connects using the other ip address. Because the 2 ip address's don't
match, sendauth()/recvauth() fails.
Problem in more detail:
The client does a kinit (port 750) to get the ticket. The ticket
has imbedded the clients network address, known as ad->address.
The client connects to the application (port 548) using the
other network address. This other network address, know as
"from_addr", of the
host from which the message was received is obtained.
The "from_addr" and "ad->address" are compared, and they don't match,
thus causing the error, "Incorrect network address" down in a
subroutine,
krb_rd_req().
Example:
|---------| |-----------|
| kerberos| |application|
| subnet0 | | subnet 32 |
|---------| |-----------|
^ ^
| |
| |
|kinit (port 750) |sendauth()
(port 548)
| |
|__________________ _________________|
^ ^
^ ^
------------^----------^------------
| client |
| `hostname` on subnet 0 |
| second interface on subnet 32 |
------------------------------------
========================================================================
=
David W. Snow Phone: (206) 865-8855
Digital Equipment Corp. (M/S ZSO) DTN: 548-8855
14475 N.E. 24th Street Fax: (206) 865-8890
Bellevue, WA 98007 Email: snow@zso.dec.com
WWW:
//www.zso.dec.com/~snow/bio.html
