Quoth [EMAIL PROTECTED] (Jeffrey Altman): | You need to use an FTP client that allows you to disable the use | of channel bindings. See C-Kermit | | http://www.kermit-project.org/ckermit.html | | It will do what you need when the command | | SET AUTH K5 NO-ADDR ON
You also need a patched ftpd, right? Or does the GSS ftpd from the current MIT release now support clients from behind a NAT? Donn Cave, [EMAIL PROTECTED] ---------------------------------------- | In article <[EMAIL PROTECTED]>, | Protima Chhabra <[EMAIL PROTECTED]> wrote: | : Hi, | : | : I have a Kerberos client sitting behind a firewall doing NAT. I have | : patched my client and added the proxy gateway to my configuration file, as | : explained in the document below | : |http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/firewall.html#proxy | : | : I can get a ticket, get ktelnet to work with an error message, but kftp | : does not work, as shown below. Can someone tell me what is it that I am | : doing wrong. | : | : Thanks | : Protima | : | : |------------------------------------------------------------------------------------------------------------------------------------------ | : kclient101% klist | : Ticket cache: /tmp/krb5cc_11617 | : Default principal: [EMAIL PROTECTED] | : | : Valid starting Expires Service principal | : 11/14/02 19:06:17 11/15/02 05:06:15 [EMAIL PROTECTED] | : | : | : kclient102% ktelnet opal0-gx.main.KRB.COM | : Trying 255.255.255.255... Connected to opal0-gx.main.KRB.COM | : (255.255.255.255). Escape character is '^]'. [ Kerberos V5 accepts you as | : ``[EMAIL PROTECTED]'' ] [ Kerberos V5 refuses forwarded credentials because | : Read forwarded creds failed: Incorrect net address ] Last login: Thu Nov 14 | : 17:58:26 from 68.156.252.64.snet.net | : opal0> exit | : opal0> logout | : Connection closed by foreign host. | : | : kclient103% kftp opal0-gx.main.KRB.COM | : Connected to opal0-gx.main.KRB.COM. | : 220 opal0 FTP server (Version 5.60) ready. | : 334 Using authentication type GSSAPI; ADAT must follow | : GSSAPI accepted as authentication type | : GSSAPI error major: Incorrect channel bindings were supplied | : GSSAPI error minor: No error | : GSSAPI error: accepting context | : GSSAPI ADAT failed | : GSSAPI authentication failed | : Name (opal0.main.KRB.COM:user): | : 530 User user access denied: authentication required. | : Login failed. | : Remote system type is UNKNOWN. | : ftp> bye | : 221 Goodbye. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos