What changes with Kerberos authentication in IPv6 when everyone has a public IPv6 Address?

Question

How should Kerberos authentication be set up with IPv6?

What implications are there when client devices each use a public, globally routeable IPv6 IP address?

What changes when setup this way instead of using a NAT as was the norm with IPv4?

Answer 1

1. The same way as with IPv4, but with AAAA records instead of A records. Use IP6.ARPA instead of in-addr.arpa if rDNS is part of your setup.
2. If you were port forwarding before, you don't have to do that. If you were relying on a lack of port forwarding to shield your services from the internet, setup a firewall ( iptables / router ACLs ) instead.