[krbdev.mit.edu #6344] kadmind support for binding to specific local IPs

Russ Allbery <rra@stanford.edu> via RT rt-comment at krbdev.mit.edu
Fri Jan 23 19:59:23 EST 2009


This is Debian bug http://bugs.debian.org/479405

kadmind currently supports an option to run on a different port, which
can be used to serve different realms on the same host with different
ports.  However, this requires client knowledge of the kadmin port for
that realm, which requires pushing configuration to the clients.  This
isn't as bad as it used to be given SRV records, but it would still be
nice to support binding only to particular IP addresses so that multiple
instances of kadmin can be run on the same server for different realms
using the standard ports.

This functionality would also allow kadmin to listen only on selected
interfaces, which can be useful in other cases apart from running
multiple copies of kadmind.

The implementation for TCP is fairly straightforward.  It's somewhat
trickier for UDP, but I suspect that much of the UDP code is already
present in the KDC.
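
The TCP case described above, as an added example that is not kadmind code and not part of the original report: one listener per local address lets two daemons share a port, while a wildcard bind on that port is refused. The helper name `listen_on` and the loopback addresses are assumptions; the demo assumes Linux, where every address in 127.0.0.0/8 is local.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open a TCP listener bound to one local IPv4 address.
 * *port is host order; 0 lets the kernel choose, and the port actually
 * bound is written back.  Returns the fd, or -1 with errno set. */
int listen_on(const char *ip, unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd, saved;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(*port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        errno = EINVAL;
        return -1;
    }
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 5) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

int main(void)
{
    unsigned short port = 0;               /* demo only: kernel picks the port */
    int a = listen_on("127.0.0.1", &port); /* instance for one realm */
    int b = listen_on("127.0.0.2", &port); /* second realm, same port */
    int c = listen_on("0.0.0.0", &port);   /* wildcard bind now conflicts */

    printf("port %u: 127.0.0.1 %s, 127.0.0.2 %s, wildcard %s\n", port,
           a >= 0 ? "ok" : "failed", b >= 0 ? "ok" : "failed",
           c >= 0 ? "ok" : strerror(errno));
    return (a >= 0 && b >= 0 && c < 0) ? 0 : 1;
}
```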


