[31244] in Kerberos
Re: kdc listening on too many interfaces
daemon@ATHENA.MIT.EDU (Steve Devine)
Sun Jun 7 17:16:50 2009
Message-ID: <20090607171626.15552g4y3xsc7ne2@mail.msu.edu>
Date: Sun, 07 Jun 2009 17:16:26 -0400
From: "Steve Devine" <sd@msu.edu>
To: "Ken Raeburn" <raeburn@mit.edu>
In-Reply-To: <70769368-F2A8-4130-8814-10D9854FDF80@mit.edu>
Cc: kerberos@mit.edu
Quoting "Ken Raeburn" <raeburn@MIT.EDU>:
> On Jun 7, 2009, at 07:48, Steve Devine wrote:
>> Everything works fine and in theory I see no harm but still it seems wrong.
>> It seems like I ought to be able to disable listening on the backnet
>> interface.
>> Is this so or no?
>
> At present there is no way to control which IP addresses the KDC
> process listens on. (The message from Bjørn Tore Sun outlines how
> to select the port numbers and whether the KDC listens for TCP
> connections, but not a change in IP addresses.) It's assumed for
> now that all IP addresses may be advertised in DNS as belonging to
> the KDC (yes, we know it's not necessarily true), so we should
> listen just in case. The ability to listen on just some addresses
> has been requested, but so far hasn't made it far up the priority
> list, since it's generally harmless as you say, unless there's some
> reason you need the KDC to *not* listen on certain IP addresses.
>
> --
> Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium
OK, thanks Ken. Good to know I'm not missing something; many attempts
at this in kdc.conf were getting me nowhere.
/sd
Steve Devine
Email & Storage
Academic Technology Services
Michigan State University