[EMAIL PROTECTED] wrote: > Using krb5-1.4.3 on a Redhat system and I get the following error from > kpasswd: > > Failed decrypting request > > The admin server is accessed via VPN/NAT and from the sparse info I could > find, I suspect that's the issue. DNS does show that my VPN IP matches > the hostname. > > Questions... > > Is that the cause of the error? > > Are there plans to fix this? > > If there are no plans to fix it (or it can't be fixed)... is there any > possibility the error message could be a bit more descriptive? > > I'm trying to deploy kerberos to a large number of users, many will be > accessing our systems via the VPN and I'm sure this will be an issue.
You cannot use the MIT kpasswd through a NAT. The IP address of the client as seen by the server must match the one the client sees. When the IETF completes the new set/change password protocol I'm sure that MIT will consider implementing it. Jeffrey Altman ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
