"Tracy J. Di Marco White" <gendalia@iastate.edu> writes:

> }How'd you get kerberos to put the NAT machine's IP address in the
> }kerberos packets?
> 
> It may have something to do with the way Windows does kerberos, that's
> the only machine I have behind a NAT.  Everything seems to be working
> more or less ok.

I don't think Windows puts an address in the ticket at all.

What is really needed is an addition to the krb5.conf file.  Someone
should code this.  :)

[libdefaults]
	scan_interfaces = no
	add_ipaddresses = 1.2.3.4, 2.3.4.5

> I'd test a NetBSD box, but I upgraded to -current, and am trying to
> figure out why the crypto-us stuff won't compile.  (Problems with
> libcrypto, possibly self-inflicted by the way I upgraded.)

libcrypto != krb5's librypto.  Some parts of the system think krb5's
libcrypto is "libcrypto" while others know it was renamed to
"libk5crypto"

--Michael