> > doesn't this require the NAT to use the same inside<->outside > > address binding for the connection between the client and the KDC as > > for the connection between the client and the application server? > > e.g. it seems like the NAT could easily change address bindings > > during the lifetime of a ticket. > > True. However, the same problem applies without NAT if the client > changes address bindings, granted, but how often do clients change address bindings in practice? > so I wouldn't say this is really a NAT-related problem. of course it's a NAT-related problem, in the sense that if you have a NAT box and want to use Kerberos you are highly likely to observe the problem. for almost every kind of harm that NATs do to applications you can find some other means of causing the same problem. but just because the problem can be caused by other things doesn't mean it's not related to NATs. Keith
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt J. Noel Chiappa
- Re: draft-ietf-nat-protocol-complications-02.txt Keith Moore
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Greg Hudson
- Re: draft-ietf-nat-protocol-complications-02.... Keith Moore
- Re: draft-ietf-nat-protocol-complications... Bill Sommerfeld
- Re: draft-ietf-nat-protocol-complications... Greg Hudson
- Re: draft-ietf-nat-protocol-complicat... Keith Moore
- Re: draft-ietf-nat-protocol-complications... Paul B. Hill
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt Jeffrey Altman
- Re: draft-ietf-nat-protocol-complications-02.txt J. Noel Chiappa
- Re: draft-ietf-nat-protocol-complications-02.txt Masataka Ohta
- Re: draft-ietf-nat-protocol-complications-02.txt Theodore Y. Ts'o
- Re: draft-ietf-nat-protocol-complications-02.... Keith Moore
- Re: draft-ietf-nat-protocol-complications-02.txt Thomas Narten
- Re: draft-ietf-nat-protocol-complications-02.txt Pyda Srisuresh
- Re: draft-ietf-nat-protocol-complications-02.txt Henning Schulzrinne