You need to use an FTP client that allows you to disable the use of channel bindings. See C-Kermit
http://www.kermit-project.org/ckermit.html It will do what you need when the command SET AUTH K5 NO-ADDR ON In article <[EMAIL PROTECTED]>, Protima Chhabra <[EMAIL PROTECTED]> wrote: : Hi, : : I have a Kerberos client sitting behind a firewall doing NAT. I have : patched my client and added the proxy gateway to my configuration file, as : explained in the document below : :http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/firewall.html#proxy : : I can get a ticket, get ktelnet to work with an error message, but kftp : does not work, as shown below. Can someone tell me what is it that I am : doing wrong. : : Thanks : Protima : : :------------------------------------------------------------------------------------------------------------------------------------------ : kclient101% klist : Ticket cache: /tmp/krb5cc_11617 : Default principal: [EMAIL PROTECTED] : : Valid starting Expires Service principal : 11/14/02 19:06:17 11/15/02 05:06:15 [EMAIL PROTECTED] : : : kclient102% ktelnet opal0-gx.main.KRB.COM : Trying 255.255.255.255... Connected to opal0-gx.main.KRB.COM : (255.255.255.255). Escape character is '^]'. [ Kerberos V5 accepts you as : ``[EMAIL PROTECTED]'' ] [ Kerberos V5 refuses forwarded credentials because : Read forwarded creds failed: Incorrect net address ] Last login: Thu Nov 14 : 17:58:26 from 68.156.252.64.snet.net : opal0> exit : opal0> logout : Connection closed by foreign host. : : kclient103% kftp opal0-gx.main.KRB.COM : Connected to opal0-gx.main.KRB.COM. : 220 opal0 FTP server (Version 5.60) ready. : 334 Using authentication type GSSAPI; ADAT must follow : GSSAPI accepted as authentication type : GSSAPI error major: Incorrect channel bindings were supplied : GSSAPI error minor: No error : GSSAPI error: accepting context : GSSAPI ADAT failed : GSSAPI authentication failed : Name (opal0.main.KRB.COM:user): : 530 User user access denied: authentication required. : Login failed. : Remote system type is UNKNOWN. : ftp> bye : 221 Goodbye. : : :------------------------------------------------------------------------------------------------------------------------------------------ : : ________________________________________________ : Kerberos mailing list [EMAIL PROTECTED] : http://mailman.mit.edu/mailman/listinfo/kerberos : Jeffrey Altman * Volunteer Developer Kermit 95 2.1 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
