> In Kerberos 4, when the KDC receives a ticket request, it includes the > source IP address in the returned ticket. This works fine if the KDC > is across a NAT gateway, as long as all of the Kerberos services are > also across a NAT gateway. doesn't this require the NAT to use the same inside<->outside address binding for the connection between the client and the KDC as for the connection between the client and the application server? e.g. it seems like the NAT could easily change address bindings during the lifetime of a ticket. Keith
- Re: draft-ietf-nat-protocol-complications-02.txt J. Noel Chiappa
- Re: draft-ietf-nat-protocol-complications-02.txt Thomas Narten
- Re: draft-ietf-nat-protocol-complications-02.txt Robert G. Ferrell
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt J. Noel Chiappa
- Re: draft-ietf-nat-protocol-complications-02.txt Keith Moore
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Greg Hudson
- Re: draft-ietf-nat-protocol-complications-02.tx... Keith Moore
- Re: draft-ietf-nat-protocol-complications-0... Bill Sommerfeld
- Re: draft-ietf-nat-protocol-complications-0... Greg Hudson
- Re: draft-ietf-nat-protocol-complicatio... Keith Moore
- Re: draft-ietf-nat-protocol-complications-0... Paul B. Hill
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt J. Noel Chiappa
- Re: draft-ietf-nat-protocol-complications-02.txt Masataka Ohta
- Re: draft-ietf-nat-protocol-complications-02.txt Theodore Y. Ts'o