[988] in Kerberos_V5_Development
Re: Krb5 & IP addresses
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Feb 1 01:05:46 1996
To: John T Kohl <jtkohl@MIT.EDU>
Cc: "Richard Basch" <basch@lehman.com>, krbdev@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 01 Feb 1996 01:05:31 -0500
In-Reply-To: John T Kohl's message of Wed, 31 Jan 1996 21:42:29 -0500
>>>>> "John" == John T Kohl <jtkohl@MIT.EDU> writes:
John> If you expect to use the ticket from multiple IP addresses,
John> why not put them all into the ticket request? have kinit
John> understand what IP addresses are used on your firewall, and
John> all the IPv4/v6 mapped addresses, etc.
John> ==John
This really shouldn't be an issue for kinit; it should be an
issue for krb5_crypto_os_localaddr. (Well, deciding to have null
addresses is a kinit issue, I guess, and possibly a configuration file
for firewalls proxies.)
Also, you should consider having your proxy clients actually
get a proxy Kerberos ticket.
--Sam
