On Tue, 2007-05-22 at 21:13 -0500, Love Hörnquist Åstrand wrote:
> > Ehm, is this really necessary? Is this a concession towards all users
> > that are behind NAT? But in this case, would it not be good enough to
> > have something in between (say called "auto") which uses the
> > no-address strategy only when the client is an RFC1597 address and the
> > other part is not? (No, I don't feel the urge to make "auto" work for
> > folks that use NAT between different RFC1597 nets).
>
> RFC1918 updates RFC1597.
>
> One problem is that when you forward a ticket to another host, you have
> to know, or guess, what addresses the host has. In gss-api
> you don't know the addresses, because the addresses are hidden behind
> a name, and the name doesn't reflect all addresses a host has. I'm
> pretty sure I've received a bug report from you on this issue, you can't
> have the cake and eat it too.

The big issue we had was when the host is on a netbios name, but not DNS name, and only Samba can resolve that name (because most systems don't use nss_wins). We then had DNS timeouts and other fun things in this codepath.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
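The "auto" strategy proposed in the quoted text, sketched as an added example that is not part of the thread and is not Heimdal or Samba code. The function names and sample addresses are hypothetical, and the sketch assumes the caller already knows both the local source address and the peer's address, which is exactly what the reply says is unavailable when forwarding by name.

```python
import ipaddress

# Private IPv4 ranges from RFC 1918 (which updates RFC 1597).
RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(addr):
    """True only for IPv4 addresses inside the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def auto_no_addresses(local_addr, peer_addr):
    """Hypothetical "auto" policy: True means request an addressless ticket.

    Addressless only when the client is on a private address and the peer
    is not, i.e. when a NAT between them is likely to rewrite the source.
    """
    return is_rfc1918(local_addr) and not is_rfc1918(peer_addr)


# Constructed sample cases (documentation and private ranges only).
CASES = [
    ("192.168.1.10", "203.0.113.5"),  # private client, public peer
    ("10.0.0.5", "172.16.3.1"),       # private to private: the case the
                                      # proposal leaves out (NAT between
                                      # two private nets still breaks)
    ("198.51.100.7", "203.0.113.5"),  # public to public
    ("172.32.0.1", "203.0.113.5"),    # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for local, peer in CASES:
        mode = "no-addresses" if auto_no_addresses(local, peer) else "addresses"
        print(f"{local:>14} -> {peer:<14} {mode}")
```
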