Date: Sat, 13 Sep 1997 21:05:25 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: bugs@freebsd.org
Subject: Kerberos Implentation "feature"
Message-ID: <Pine.BSF.3.96.970913210105.445C-100000@cyrus.watson.org>

Configuration: Host Fledge, two ethernet cards: de0 (SMC), ed0 (SMC). Is 128.2.91.116 on ed0, and 192.0.2.3 on de0 (unrouted network). Additionally, host kerberos server (chiron) exists with ed0 (128.2.91.56) and ed1 (192.0.2.2).

The problem is this: User attempts to log into fledge. Fledge sends out a kerberos authentication query on de0 (external network), but uses IP address from internal network as from address. Chiron receives the query, validates it, and then responds on the internal network because it received it from that IP address. The hostnames do not match up on the two networks -- internal IPs are addressed using pr-hostname, not hostname, so there shouldn't be a problem there. All names used to configure Kerberos are on the outside network.

How can I get kerberos in login, ssh, etc. to send its requests from the IP address for the interface it ends up using? Sending out a packet with the wrong IP address as source is a severe problem. Is there a good way to fix this? It may be because de0 is probed first, but I don't know.

Robert N Watson

Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/
Network Administrator, SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/