[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Incorrect net address" with kpasswdd
I think I misinterpreted some things; I'll try to describe my problem
again:
* When using kpasswd from the client behind the NAT device and
_not_ specifying the NAT devices external address in krb5.conf
(libdefaults -> extra_addresses), after I enter my (existing)
password the kdc complains about 'Bad address list requested',
and the client prints
kpasswd: failed to get credentials: Incorrect net address
(as expected).
* After setting extra_addresses to the NAT devices external address
and executing kpasswd on the client, entering the (existing)
password succeeds (according to what kdc logs), and kpasswd asks
for the new password. Entering this twice results in kpasswdd
logging
kpasswdd[2596]: Bad version (65408)
kpasswdd[2509]: krb5_rd_priv: Incorrect net address
and the client printing
Auth error : Bad request
BTW: some debugging showed that krb5_context->extra_addresses in
kpasswd really contains the NAT devices external IPv4 address.
Help is appreciated!
TIA, Jukka
Jukka Salmi --> heimdal-discuss (2004-11-25 16:39:12 +0100):
> Jukka Salmi --> heimdal-discuss (2004-11-25 13:20:37 +0100):
> > Hi,
> >
> > I'm having problems changing my Kerberos password on a client which
> > is behind a NAT box (changing the password on a machine in the same
> > subnet as the kdc works fine). kpasswdd logs the following:
> >
> > kpasswdd[18732]: Bad version (65408)
> > kpasswdd[21991]: krb5_rd_priv: Incorrect net address
> >
> > IIRC I was having the same problem (at least the 'Incorrect net
> > address') with kinit until I set 'extra_addresses' to the external
> > address of the NAT box.
> >
> > How can I solve this problem?
>
> ...forgot to note:
>
> The kdc runs on NetBSD 2.0_RC5, client is NetBSD-current (both i386);
> they both use Heimdal 0.6.3 shipped with the base system. Please tell
> if I should supply more information.
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~