>> If there are no plans to fix it (or it can't be fixed)... is there any >> possibility the error message could be a bit more descriptive? >> >> I'm trying to deploy kerberos to a large number of users, many will be >> accessing our systems via the VPN and I'm sure this will be an issue. > >You cannot use the MIT kpasswd through a NAT. The IP address of the >client as seen by the server must match the one the client sees. > >When the IETF completes the new set/change password protocol I'm sure >that MIT will consider implementing it.
If you can't wait for that, fixing the current server to work when the client is behind a NAT is only about 20-30 lines of code. I believe the mailing list archives would show you the different solutions various people have come up with. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
