On Wed, 16 Jan 2002, Ken Hornstein wrote: > "Forwarding" really means two things - passing the ticket plus > session key to a remote machine, and changing the IP address in > the ticket to match that of the remote machine. The first isn't > that hard to do (but requires support from the protocol); the second > is not possible in V4. It just so happens that AFS is an application > that ignores the IP address in the V4 ticket, so that happens to > work. But no other V4 services will.
I hate to confuse this issue, but: -other applications *may* choose not to enforce the IP address in the tickets always (you can modify krb_rd_req to effect this) more importantly: -you can made the krb4 KDC set a zero IP address in the issued ticket, in which case it's simply not enforced. The kaserver is one such KDC. Everything else Ken says is true. -D _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
