[33369] in Kerberos
Re: PKINIT and NAT
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Thu May 5 11:37:05 2011
Message-ID: <4DC2C419.3040908@anl.gov>
Date: Thu, 05 May 2011 10:36:57 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
To: kerberos@mit.edu
In-Reply-To: <4DC21A77.2050705@cbnco.com>
On 5/4/2011 10:33 PM, Bram Cymet wrote:
> Hi,
>
> I am having this odd problem where if I do a kinit from behind a NAT
> with a password it works just fine. However, if I use certs with pkinit
> then I can see all the verification being done and I can see the server
> granting the ticket but then when it goes to send back the ticket to the
> client it can't reach the client any more and fails.
>
> Is this a known problem? Is there anything I can do to fix it?

Is this some UDP timeout issue or UDP vs TCP issue?
In the krb5.conf file you can force TCP with:

    udp_preference_limit = 1

>
> Thanks,
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444