[krbdev.mit.edu #3237] Kerberos does not work inside Linux vservers

Christophe Nowicki via RT rt-comment at krbdev.mit.edu
Fri Nov 11 16:37:16 EST 2005


Hi,

I'am trying to make kerberos working inside a Linux Vserver
(http://linux-vserver.org/). Am using debian's version 1.3.6-5 of
kerberos. 

My vserver has many network interfaces :

#/sbin/ifconfig

eth0      Link encap:Ethernet  HWaddr 00:40:63:DC:ED:EE  
          inet addr:192.168.42.1  Bcast:192.168.42.255
Mask:255.255.255.0
...

eth0:cact Link encap:Ethernet  HWaddr 00:40:63:DC:ED:EE  
          inet addr:192.168.42.21  Bcast:192.168.42.255
Mask:255.255.255.0
...

eth0:kdc  Link encap:Ethernet  HWaddr 00:40:63:DC:ED:EE  
          inet addr:192.168.42.27  Bcast:192.168.42.255
Mask:255.255.255.0
...

With the vserveur patch, programs are not able to bind to thoses
interfaces. There can bind only the current vserver interface
(192.168.42.27 in this case).

But krb5kdc, try to bind on *EVERY* network interface avalide :

Nov 11 19:39:08 kdc krb5kdc[13311]: setting up network...
Nov 11 19:39:08 kdc krb5kdc[13311]: skipping unrecognized local address
family 17
Nov 11 19:39:08 kdc krb5kdc[13311]: Cannot assign requested address -
Cannot bind server socket to port 88 address 192.168.42.1
                                             ^ this is the first network
                                                interface
Nov 11 19:39:08 kdc krb5kdc[13311]: set up 0 sockets
Nov 11 19:39:08 kdc krb5kdc[13311]: no sockets set up?

krb5kdc fail to start.

I suggest to allow users to bind krb5kdc server on a specific
interface with the addresses  directive in the kdcdefaults section of
the kdc.conf file, like that:

[kdcdefaults]
       kdc_ports = 750,88
       addresses = 192.168.42.27

Best Regards,

-- 
Nowicki Christophe                                  
EPITECH Promo 2006                                 
http://people.easter-eggs.org/~cnowicki/



More information about the krb5-bugs mailing list