
Re: "Incorrect net address" with kpasswdd



I think I misinterpreted some things; I'll try to describe my problem
again:

* When using kpasswd from the client behind the NAT device and
  _not_ specifying the NAT device's external address in krb5.conf
  (libdefaults -> extra_addresses), after I enter my (existing)
  password the kdc complains about 'Bad address list requested',
  and the client prints

	kpasswd: failed to get credentials: Incorrect net address

  (as expected).

* After setting extra_addresses to the NAT device's external address
  and executing kpasswd on the client, entering the (existing)
  password succeeds (according to what kdc logs), and kpasswd asks
  for the new password. Entering this twice results in kpasswdd
  logging

	kpasswdd[2596]: Bad version (65408)
	kpasswdd[2509]: krb5_rd_priv: Incorrect net address

  and the client printing

	Auth error : Bad request

BTW: some debugging showed that krb5_context->extra_addresses in
kpasswd really contains the NAT device's external IPv4 address.


Help is appreciated!

TIA, Jukka

Jukka Salmi --> heimdal-discuss (2004-11-25 16:39:12 +0100):
> Jukka Salmi --> heimdal-discuss (2004-11-25 13:20:37 +0100):
> > Hi,
> > 
> > I'm having problems changing my Kerberos password on a client which
> > is behind a NAT box (changing the password on a machine in the same
> > subnet as the kdc works fine). kpasswdd logs the following:
> > 
> > 	kpasswdd[18732]: Bad version (65408)
> > 	kpasswdd[21991]: krb5_rd_priv: Incorrect net address
> > 
> > IIRC I was having the same problem (at least the 'Incorrect net
> > address') with kinit until I set 'extra_addresses' to the external
> > address of the NAT box.
> > 
> > How can I solve this problem?
> 
> ...forgot to note:
> 
> The kdc runs on NetBSD 2.0_RC5, client is NetBSD-current (both i386);
> they both use Heimdal 0.6.3 shipped with the base system. Please tell
> me if I should supply more information.

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~