Re: Kerberos4 and check-ticket-addresses

[Love <lha@stacken.kth.se>]

Andreas Haupt <ahaupt@ifh.de> writes:

> On Tue, 6 May 2003, Love wrote:
>
>> Oh, forwarding tickets isn't really supported in Kerberos 4, it just works
>> with kaserver since kaserver doesn't check the address in the ticket.
>
> So why is it enabled by default in the Kerberos4 code of the kdc? The
> kaserver does not do this - why does it the kaserver _emulation_?

I thought the kaserver emulation didn't check ip address, but the krb4
emulation did. When I look at your kerberos error it seems like a kerberos
4 error code. Are you sure you talk to the kaserver ?

BTW, the openafs kaserver includes a krb4 server, and it have the same
feature as the kaserver, it doesn't check ip-address in the ticket.

Love