can we FTP upload behind firewall and NAT
Hi!
Has anyone ever succeeded in uploading files to a kerberised server from
a compute node behind a firewall and NAT?
Here's the error message.
1. I tried getting addressless credentials by doing 'kinit -n'.
2. However, ftp gives me the following error.
GSSAPI accepted as authentication type
GSSAPI error major: Incorrect channel bindings were supplied
GSSAPI error minor: No error
GSSAPI error: accepting context
GSSAPI ADAT failed
GSSAPI authentication failed
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (fcdfdata114.fnal.gov:schsu): schsu
Password:
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
many thanks,
Shih-Chieh
P.S. I've tried anonymous with passive mode, which allows me to download a file.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Re: can we FTP upload behind firewall and NAT
Shih-Chieh
You can use it behind a firewall if you switch off the channel binding. If I
remember right the latest MIT sources don't use channel bindings anymore,
Heimdal and proftpd with mod_gss have an option for the daemon to switch it
off.
The other problem you may have is that the FW can't inspect the PORT/PASV
command anymore to open the right ports of a stateful firewall and to
replace ports if needed.
Regards
Markus
"Shih-Chieh Hsu" <schsu@fnal.gov> wrote in message
news:427DBD95.5070906@fnal.gov...
> Hi!
>
> Has anyone ever succeeded in uploading files to a kerberised server from
> a compute node behind a firewall and NAT?
>
> Here's the error message.
> 1. I tried getting addressless credentials by doing 'kinit -n'.
> 2. However, ftp gives me the following error.
> GSSAPI accepted as authentication type
> GSSAPI error major: Incorrect channel bindings were supplied
> GSSAPI error minor: No error
> GSSAPI error: accepting context
> GSSAPI ADAT failed
> GSSAPI authentication failed
> KERBEROS_V4 accepted as authentication type
> Kerberos V4 krb_mk_req failed: You have no tickets cached
> Name (fcdfdata114.fnal.gov:schsu): schsu
> Password:
> Login failed.
> Remote system type is UNIX.
> Using binary mode to transfer files.
>
>
> many thanks,
>
> Shih-Chieh
> P.S. I've tried anonymous with passive mode, which allows me to download a file.
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
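
Added example, not part of either post and not code from MIT Kerberos, Heimdal or proftpd: a Python model of why the "Incorrect channel bindings" error in this thread appears behind NAT, and what switching the check off changes. It assumes the RFC 2228 convention of binding to the client and server IPv4 addresses and the RFC 4121 rule that the Kerberos mechanism sends an MD5 hash of the bindings; the function names and all addresses are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

GSS_C_AF_INET = 2  # address-type constant from RFC 2744


def _addr_field(addrtype, addr):
    # Integers in the bindings are hashed in little-endian order (RFC 4121).
    return struct.pack("<II", addrtype, len(addr)) + addr


def bindings_hash(initiator_ip, acceptor_ip, app_data=b""):
    """MD5 over initiator address, acceptor address and application data."""
    blob = (
        _addr_field(GSS_C_AF_INET, socket.inet_aton(initiator_ip))
        + _addr_field(GSS_C_AF_INET, socket.inet_aton(acceptor_ip))
        + struct.pack("<I", len(app_data)) + app_data
    )
    return hashlib.md5(blob).digest()


def acceptor_check(client_bnd, peer_ip_seen, own_ip, enforce=True):
    """Model of the server side: recompute the hash from the addresses the
    server sees on the TCP connection and compare with the client's value.
    enforce=False models a daemon configured to skip channel bindings."""
    if not enforce:
        return "GSS_S_COMPLETE"
    expected = bindings_hash(peer_ip_seen, own_ip)
    if hmac.compare_digest(client_bnd, expected):
        return "GSS_S_COMPLETE"
    return "GSS_S_BAD_BINDINGS"  # "Incorrect channel bindings were supplied"


# Constructed addresses: private client, public NAT address, FTP server.
CLIENT_PRIVATE = "10.0.0.5"
NAT_PUBLIC = "198.51.100.7"
SERVER = "192.0.2.10"

if __name__ == "__main__":
    # The client hashes its own (private) address; a ticket obtained with
    # 'kinit -n' does not change this input.
    bnd = bindings_hash(CLIENT_PRIVATE, SERVER)
    print("direct :", acceptor_check(bnd, CLIENT_PRIVATE, SERVER))
    print("via NAT:", acceptor_check(bnd, NAT_PUBLIC, SERVER))
    print("no bind:", acceptor_check(bnd, NAT_PUBLIC, SERVER, enforce=False))
```

With the check disabled, the context is no longer tied to the network addresses of the connection, which is the property channel bindings were providing.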