can kerberos listen on multiple UDP interfaces?

Gary LaVoy glavoy at apple.com
Mon Jul 14 20:26:34 EDT 2003 


How do I get the KDC to listen on multiple UDP IP interfaces?

I have my KDC's behind a load balancer and a local loopback defined with the IP
address of my Virtual IP (7.216.120.120). For the TCP protocal, you can see from
the netstat output below that it is listening on all *.4070 interfaces but for
UDP is is only listening to the etsx6.apple.com interface. I need it to also
listen to  17.216.120.120 on the lo0 interface.

Can't seem to find any mention of this in the docs. Is it possible?

thanks,

Gary (glavoy at apple.com)

root# netstat -a | grep -i 4070

tcp4       0      0  *.4070                 *.*                    LISTEN
tcp46      0      0  *.4070                 *.*                    LISTEN
udp4       0      0  etsx6.apple.com.4070   *.*                    
udp6       0      0  fe80:6::20a:95ff.4070  *.*                    
udp6       0      0  fe80:5::20a:27ff.4070  *.*                    
udp6       0      0  fe80:4::203:93ff.4070  *.* 


kdcd% ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
        inet 127.0.0.1 netmask 0xff000000 
        inet 17.216.120.150 netmask 0xffffff00 
        inet 17.216.120.120 netmask 0xffffff00 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::203:93ff:fea8:cbba%en0 prefixlen 64 scopeid 0x4 
        inet 17.216.120.72 netmask 0xffffff00 broadcast 17.216.120.255
        ether 00:03:93:a8:cb:ba 
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP
<half-duplex,hw-loopback> 10baseT/UTP <full-duplex> 10baseT/UTP
<full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX
<half-duplex,hw-loopback> 100baseTX <full-duplex> 100baseTX
<full-duplex,hw-loopback> 1000baseTX <full-duplex> 1000baseTX
<full-duplex,hw-loopback> 1000baseTX <full-duplex,flow-control> 1000baseTX
<full-duplex,flow-control,hw-loopback>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::203:93ff:fec0:6e2c%en1 prefixlen 64 scopeid 0x5 
        ether 00:03:93:c0:6e:2c 
        media: autoselect (<unknown type>) status: inactive
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP
<half-duplex,hw-loopback> 10baseT/UTP <full-duplex> 10baseT/UTP
<full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX
<half-duplex,hw-loopback> 100baseTX <full-duplex> 100baseTX
<full-duplex,hw-loopback> 1000baseTX <full-duplex> 1000baseTX
<full-duplex,hw-loopback> 1000baseTX <full-duplex,flow-control> 1000baseTX
<full-duplex,flow-control,hw-loopback>
en2: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
        tunnel inet  --> 
        ether 00:0a:27:a8:cb:ba 
        media: autoselect <full-duplex> status: inactive
        supported media: autoselect <full-duplex>

More information about the Kerberos mailing list