From owner-freebsd-net@FreeBSD.ORG  Sun Sep 22 11:55:33 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id A9A5E83B
 for <freebsd-net@FreeBSD.org>; Sun, 22 Sep 2013 11:55:33 +0000 (UTC)
 (envelope-from mailinglists@martinlaabs.de)
Received: from relay02.alfahosting-server.de (relay02.alfahosting-server.de
 [109.237.142.238])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6816A2AC8
 for <freebsd-net@FreeBSD.org>; Sun, 22 Sep 2013 11:55:33 +0000 (UTC)
Received: by relay02.alfahosting-server.de (Postfix, from userid 1001)
 id 6A8B332C0911; Sun, 22 Sep 2013 13:40:35 +0200 (CEST)
X-Spam-DCC: : 
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=7.0 tests=BAYES_50 autolearn=disabled
 version=3.2.5
Received: from alfa3018.alfahosting-server.de (alfa3018.alfahosting-server.de
 [109.237.140.30])
 by relay02.alfahosting-server.de (Postfix) with ESMTPS id 2B77632C08E7
 for <freebsd-net@FreeBSD.org>; Sun, 22 Sep 2013 13:40:34 +0200 (CEST)
Received: from desktop-01.martinlaabs.de (p54B33B22.dip0.t-ipconnect.de
 [84.179.59.34])
 by alfa3018.alfahosting-server.de (Postfix) with ESMTPSA id 82DCD515C0B1
 for <freebsd-net@FreeBSD.org>; Sun, 22 Sep 2013 13:40:33 +0200 (CEST)
Message-ID: <523ED730.2030900@martinlaabs.de>
Date: Sun, 22 Sep 2013 13:40:32 +0200
From: Martin Laabs <mailinglists@martinlaabs.de>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/20130809 Thunderbird/17.0.8
MIME-Version: 1.0
To: freebsd-net@FreeBSD.org
Subject: IPv6 privacy extensions breaks kerberos
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.4 with ClamAV 0.97.3/17883/Sun Sep
 22 06:41:18 2013
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2013 11:55:33 -0000

Hi,

I noticed that kerberos stops working when enabling the privacy extension.
This is caused by the changing outgoing IP that does not fit to the dns
name anymore (or do not have a dns record at all)
So every host enabling the privacy extension will be unable to use kerberos
and kerberos enabled services like nfs.
This is a very problematic behavior and I would like to know if there is a
way getting around this.

Thank you,
 Martin Laabs