Kerberos -Addressless ticket
From Provider Wiki
Contents |
Kerberos Addressless tickets
When it becomes necessary to access a "Kerberized" resource on PennNet from off campus, such as through a router on a home network, it is usually required to configure the local Kerberos ticket manager to obtain an "addressless" ticket. The addressless ticket contains no IP information. The kerberized resource will not be concerned with the NATed (Network Address Translation) IP address of the local system and accept this kind of ticket for authentication.
Configuring Kerberos for Windows 3.2.0 for Addressless tickets (Windows XP/Vista)
- Destroy any existing tickets -select the UPENN.EDU credential In the Network Identity Manager list and click the Destroy Credential button (or just hit Delete key).
- In the Network Identity Manager window select Identities on the Options menu.
- In the Global Identity Settings window click the Kerberos V5 tab.
- In the Kerberos V5 tab place a check mark in the Addressless check box.
- Click OK button to close the Configuration dialog box.
- Obtain a new addressless Kerberos ticket -select the appropriate credential In the Network Identity Manager list and click Obtain new credentials button.
Configuring Kerberos for Macintosh 5.2.0 for Addressless tickets (Mac OS 10.3.9 & Later)
- Destroy any existing tickets -select the UPENN.EDU credential in the Kerberos ticket list and click the Destroy icon in the tool bar (or type Cmd-D)
- Select Proferences... from the Kerberos menu
- In the Kerberos Preferences window click the Default Ticket Options "tab"
- In the Default Ticket Options tab put a check mark in the "Get tickets without IP addresses (NAT mode)" checkbox.
- Click OK button to close the Kerberos Preferences dialog box.
- Obtain a new addressless Kerberos ticket -click the New icon in the Kerberos tool bar.
Configuring Kerberos for Addressless tickets (Linux)
- use 'kinit -A' instead of 'kinit'. See the kinit man page for more info.
- this also works on OS X
