[31242] in Kerberos
Re: kdc listening on too many interfaces
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Bj=F8rn_Tore_Sund?=)
Sun Jun 7 10:55:34 2009
Message-ID: <4A2BD4A9.8080208@it.uib.no>
Date: Sun, 07 Jun 2009 16:54:33 +0200
From: =?ISO-8859-1?Q?Bj=F8rn_Tore_Sund?= <bjorn.sund@it.uib.no>
MIME-Version: 1.0
To: Steve Devine <sd@msu.edu>
In-Reply-To: <20090607074819.96022n1kccd3nz7n@mail.msu.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Steve Devine wrote:
> Running Kerberos 5 release 1.6.3 on a new server - we have a backnet
> interface for Backups. When I start the kdc I see this in the logs:
>
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): setting up network...
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): skipping unrecognized
> local address family 17
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): skipping unrecognized
> local address family 17
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 8: udp
> MainIPAddress.88
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 9: udp
> MainIPAddress.750
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 10: udp
> BackNetIPAddress.88
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 11: udp
> BackNetIPAddress.750
>
> Everything works fine and in theory I see no harm but still it seems wrong.
> It seems like I ought to be able to disable listening on the backnet
> interface.
> Is this so or no?
> Lots of Googling have so far revealed nothing.
You need the man page. But briefly, in the [kdcdefaults] section of
kdc.conf, set kdc_ports to the port number(s) you want to listen to.
Note that in order to enable listening to tcp connections, you need to
specifically set kdc_tcp_ports to 88.
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund@it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
