
Re: Addressless tickets in 0.8.x



On Tue, 2007-05-22 at 21:13 -0500, Love Hörnquist Åstrand wrote:
> > Ehm, is this really necessary? Is this a concession towards all users
> > that are behind NAT? But in this case, would it not be good enough to
> > have something in between (say called "auto") which uses the
> > no-address strategy only when the client is an RFC1597 address and the
> > other part is not? (No, I don't feel the urge to make "auto" work for
> > folks that use NAT between different RFC1597 nets).
> 
> RFC1918 updates RFC1597.
> 
> One problem is that when you forward a ticket to another host, you have
> to know, or guess, what addresses the host has. In gss-api
> you don't know the addresses, because the addresses are hidden behind
> a name, and the name doesn't reflect all addresses a host has. I'm
> pretty sure I've received a bug report from you on this issue; you can't
> have the cake and eat it too.

The big issue we had was when the host is on a NetBIOS name, but not a DNS
name, and only Samba can resolve that name (because most systems don't
use nss_wins).  We then had DNS timeouts and other fun things in this
codepath.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
