This is interesting. I'll look into it and see if it will work with what we need for now. Otherwise, I'll try to expedite our kerberos decisions so that I can just figure out how to migrate our kaserver stuff (and the associated users, etc) to a new krb5 install.
Thanks, and I'll let you know how this works out!

-stefan

On Wed, Nov 19, 2008 at 03:25:17PM -0500, Marcus Watts wrote:
> Ok. They're on the same subnet. This permits an interesting 'trick',
> which works like this:
>
> Client sends to special program on host1.
> special program on host1 forwards the packet to host2,
> using the client's ip address.
> host2 receives the packet,
> thinks it came from client,
> does its thing, then sends to client.
> Client receives the packet from host2, associates it with originating
> rpc and completes the call.
>
> Basically, the packets follow a triangular path. Here's sample
> code for the very small "special program" on host1:
>
> /afs/umich.edu/group/itd/build/mdw/tmp/buredir-m2.tgz
>
> This uses a raw socket in order to "forge" packets that appear to come
> from the client. It needs to run on the same lan segment so that the
> routers don't have an opportunity to discard the packet that's originating
> from the "wrong" subnet.
>
> We used something like this at umich.edu for many years to locate
> buserver and budb on a separate host from the database servers, back
> when db server real estate was a scarce resource.
>
> -Marcus Watts
>

-- 
Stefan Strandberg
UNIX group
Computer Aided Engineering - UW Madison
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
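The same-segment requirement in the quoted message can be checked with a small model. This is an added example, not code from the thread or from buredir. It assumes routers validate that a packet's source address belongs to the segment it arrived from, and the addresses, segment list and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample topology (documentation address ranges, not from the thread).
SEGMENTS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

@dataclass(frozen=True)
class Leg:
    name: str
    sender: str   # host that physically transmits the packet
    src: str      # source address carried in the IP header
    dst: str      # destination address

def segment_of(addr, segments=SEGMENTS):
    """Return the LAN segment containing addr."""
    ip = ipaddress.ip_address(addr)
    for net in segments:
        if ip in net:
            return net
    raise ValueError(f"{addr} is not on any modelled segment")

def triangle_legs(client, host1, host2):
    """The three packets of the triangular path described in the message."""
    return [
        Leg("client->host1", client, client, host1),
        Leg("host1->host2", host1, client, host2),  # forwarded with client's address
        Leg("host2->client", host2, host2, client),
    ]

def leg_verdict(leg, segments=SEGMENTS):
    """Classify one leg as 'on-link', 'routed' or 'dropped'.

    Assumption: each router validates that a packet's source address belongs
    to the segment it arrived from; on-link delivery never reaches a router.
    """
    seg = segment_of(leg.sender, segments)
    if ipaddress.ip_address(leg.dst) in seg:
        return "on-link"
    if ipaddress.ip_address(leg.src) in seg:
        return "routed"
    return "dropped"

def path_works(client, host1, host2, segments=SEGMENTS):
    verdicts = [leg_verdict(l, segments) for l in triangle_legs(client, host1, host2)]
    return "dropped" not in verdicts, verdicts

if __name__ == "__main__":
    print(path_works("198.51.100.7", "192.0.2.10", "192.0.2.20"))    # servers share a segment
    print(path_works("198.51.100.7", "192.0.2.10", "203.0.113.20"))  # host2 moved elsewhere
```

With host1 and host2 on one segment the forwarded leg is delivered on-link and no router inspects it. Once host2 sits behind a router, that leg carries a source address foreign to host1's segment and the model marks it dropped.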
