Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Can I use Kerberos for Macintosh behind a NAT (Network Address Translation)?

address Kerberos Macintosh NAT Network Translation
0
Profile photo of LindseyMyer LindseyMyer
Posted

Can I use Kerberos for Macintosh behind a NAT (Network Address Translation)?

0 CommentsAdd a Comment

2 Answers

0
Profile photo of LindseyMyer LindseyMyer

In some cases, yes. Kerberos 4 does not support addressless tickets, so no Kerberos 4 or KClient-using application can be made to work behind a NAT. However, Kerberos 5 can be told to use addressless tickets, which will allow Kerberos 5-using applications to work behind a NAT. However, applications that use the GSSAPI and require channel bindings, such as FTP, will still not work.

0 CommentsAdd a Comment
0

In some cases, yes. Kerberos 4 does not support addressless tickets, so no Kerberos 4 or KClient-using application can be made to work behind a NAT. However, Kerberos 5 can be told to use addressless tickets, which will allow Kerberos 5-using applications to work behind a NAT. However, applications that use the GSSAPI and require channel bindings, such as FTP, may still not work. Mac OS X 10.3 and 10.4 get addressless tickets by default, although you can change this setting by setting the “Get tickets without IP addresses” checkbox in the Authenticate to Kerberos dialog (click on the “Show Options” button or choose “Options…” from the pulldown menu to see this checkbox).

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123