On 1/3/20 1:06 PM, Jeffrey T. Hutzelman wrote:
> Rather than making complex changes to the protocol, why not switch to
> directional addresses? Certainly the client and server would have to agree on
> this, but for kprop, a command-line switch would be sufficient.
I was considering a change like
behalf of Greg
Hudson
Sent: Friday, January 3, 2020 11:53 AM
To: Jerry Shipman; kerberos@mit.edu
Subject: Re: kprop with multiple or NATted IP address
On 1/3/20 11:00 AM, Jerry Shipman wrote:
> I am continuing (sorry) my old 2016 thread (part of it below) about trying to
> kprop through
Aha! This (-x unlockiter) looks like it will solve my immediate problem. Thanks
a lot.
Happy new year!
Jerry
-Original Message-
From: Greg Hudson
Date: Friday, January 3, 2020 at 11:53 AM
To: "Jeremiah E. Shipman" , "kerberos@mit.edu"
Subject: Re: kprop with m
On 1/3/20 11:00 AM, Jerry Shipman wrote:
> I am continuing (sorry) my old 2016 thread (part of it below) about trying to
> kprop through a NAT.
Apologies that I didn't follow up on that. In that thread, I wrote:
> Many protocols aren't susceptible to reflection
> attacks because they don't use
r 24, 2015 at 12:21 AM
To: "Jeremiah E. Shipman" , "kerberos@mit.edu"
Subject: Re: kprop with multiple or NATted IP address
On 12/23/2015 03:50 PM, Jerry Shipman wrote:
> Is there a way to do what I’m trying to do?
> Or, is there a reason that it is dangerous to avo
Russ Allbery writes:
> Jerry Shipman writes:
>
>> (I thought about that about 5 minutes after I sent the email — oops.)
>
>> I guess my question is: does kprop do anything other than: secrecy of
>> the data in transmission, integrity of the transmission, kdb5_util
>> dump/load ? Or can I really
Jerry Shipman writes:
> (I thought about that about 5 minutes after I sent the email — oops.)
> I guess my question is: does kprop do anything other than: secrecy of
> the data in transmission, integrity of the transmission, kdb5_util
> dump/load ? Or can I really do the same thing in a cron job
(I thought about that about 5 minutes after I sent the email — oops.)
I guess my question is: does kprop do anything other than: secrecy of the data
in transmission, integrity of the transmission, kdb5_util dump/load ? Or can I
really do the same thing in a cron job (or maybe 2, one on each end)
Jerry Shipman writes:
> It’s me again, who was trying to kprop through a NAT a month ago.
> Hypothetically speaking… how bad of an idea would it be to make a cron
> job that `scp`s the database file to the slave KDC, or something like
> that? Does the slave KDC daemon need to restart after the f
Hello,
It’s me again, who was trying to kprop through a NAT a month ago.
Hypothetically speaking… how bad of an idea would it be to make a cron job that
`scp`s the database file to the slave KDC, or something like that? Does the
slave KDC daemon need to restart after the file is updated, maybe?
Hi,
you can use dnsmasq to resolv the local hostname correctly and forward the
other requests to DNS.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 12/23/2015 03:50 PM, Jerry Shipman wrote:
> Is there a way to do what I’m trying to do?
> Or, is there a reason that it is dangerous to avoid verifying that IP match,
> and I shouldn’t try to work around it?
The only really useful purpose of checking addresses is preventing
reflection attacks,
On Wed, 23 Dec 2015, Jerry Shipman wrote:
> I think that kpropd is trying to look up the hostname of the master in DNS,
> and seeing the public IP, instead of the private IP which the connection is
> coming from, and then aborting because of that mismatch (or something like
> that).
> On a lark
13 matches
Mail list logo
