On 09/22/2013 06:40, Martin Laabs wrote: > I noticed that kerberos stops working when enabling the privacy extension. > This is caused by the changing outgoing IP that does not fit to the dns > name anymore (or do not have a dns record at all) > So every host enabling the privacy extension will be unable to use kerberos > and kerberos enabled services like nfs. > This is a very problematic behavior and I would like to know if there is a > way getting around this.
You can request tickets that are not limited to specific IP addresses. This is obviously not ideal. I also don't follow Kerberos development very closely, so there might be a better solution, such as changing the IP address in the ticket during a renewal, or requesting a subnet instead of an IP address. Good luck. I, for one, would like to hear if you find other options. Eric _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
