Q: Obtaining Address-less Tickets in Kerberos for Windows
Answer
Address-less tickets help you use Kerberos-enabled services from behind residential gateways, so-called "NAT-boxes", firewalls, and other systems that give you internet access by presenting a different address to remote servers than is actually being used by your computer.
The easiest way to obtain address-less tickets in Kerberos for Windows is to install and use KfW.
Address-less tickets can also be obtained in the following ways:
- Use the command-line program kinit -A instead of Leash.
A command-shell window will open and ask for your password. After you get it, the window closes and you have address-less tickets. - Add a setting to the krb5.ini file on your PC (search in your Windows directory for it and open it in Notepad). You need to add "noaddresses = true" to the section labelled "[libdefaults]". Save the file and exit; Leash will now obtain address-less tickets. The resulting section in the file looks like:
[libdefaults]
default_realm = ATHENA.MIT.EDU
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
forwardable = true
proxiable = true
noaddresses = true