Re: Kerberos5 NAT and kftp

Mon, 25 Nov 2002 09:59:21 -0800 

Quoth [EMAIL PROTECTED] (Jeffrey Altman):
| You need to use an FTP client that allows you to disable the use 
| of channel bindings.  See C-Kermit
|
|   http://www.kermit-project.org/ckermit.html
|
| It will do what you need when the command
|
|   SET AUTH K5 NO-ADDR ON

You also need a patched ftpd, right?  Or does the GSS ftpd from
the current MIT release now support clients from behind a NAT?

        Donn Cave, [EMAIL PROTECTED]
----------------------------------------
| In article <[EMAIL PROTECTED]>,
| Protima Chhabra <[EMAIL PROTECTED]> wrote:
| : Hi,
| : 
| : I have a Kerberos client sitting behind a firewall doing NAT. I have 
| : patched my client and added the proxy gateway to my configuration file, as 
| : explained in the document below
| :      
|http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/firewall.html#proxy
| : 
| : I can get a ticket, get ktelnet to work with an error message, but kftp 
| : does not work, as shown below. Can someone tell me what is it that I am 
| : doing wrong.
| : 
| : Thanks
| : Protima
| : 
| : 
|------------------------------------------------------------------------------------------------------------------------------------------
| : kclient101% klist
| : Ticket cache: /tmp/krb5cc_11617
| : Default principal: [EMAIL PROTECTED]
| : 
| : Valid starting     Expires            Service principal
| : 11/14/02 19:06:17  11/15/02 05:06:15  [EMAIL PROTECTED]
| : 
| : 
| : kclient102% ktelnet opal0-gx.main.KRB.COM
| : Trying 255.255.255.255... Connected to opal0-gx.main.KRB.COM
| : (255.255.255.255). Escape character is '^]'. [ Kerberos V5 accepts you as
| : ``[EMAIL PROTECTED]'' ] [ Kerberos V5 refuses forwarded credentials because
| : Read forwarded creds failed: Incorrect net address ] Last login: Thu Nov 14
| : 17:58:26 from 68.156.252.64.snet.net
| : opal0> exit
| : opal0> logout
| : Connection closed by foreign host.
| : 
| : kclient103% kftp opal0-gx.main.KRB.COM
| : Connected to opal0-gx.main.KRB.COM.
| : 220 opal0 FTP server (Version 5.60) ready.
| : 334 Using authentication type GSSAPI; ADAT must follow
| : GSSAPI accepted as authentication type
| : GSSAPI error major: Incorrect channel bindings were supplied
| : GSSAPI error minor: No error
| : GSSAPI error: accepting context
| : GSSAPI ADAT failed
| : GSSAPI authentication failed
| : Name (opal0.main.KRB.COM:user):
| : 530 User user access denied: authentication required.
| : Login failed.
| : Remote system type is UNKNOWN.
| : ftp> bye
| : 221 Goodbye.
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to