Client and server on same machine

Dr. Greg Wettstein greg at wind.enjellic.com
Tue Nov 25 14:59:28 EST 2003


On Nov 23,  1:06pm, Mark Phalan wrote:
} Subject: Re: Client and server on same machine

> > hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tsln0aofald.fsf at konishi-polis.mit.edu>...
> > The KDC cannot run on localhost.  You can run everything on one
> > machine, but you need to use a real network interface and make sure
> > your clients talk to the kdc over that real network interface.

Actually you can run everything, for testing, on localhost but you
need a source code dive, at least in 1.2.8.

> I do not have (at this time) a network card. Is it possible to
> create a dummy network interface which is in fact localhost?

I do my development work on 1.2.8 on my laptop using only the
localhost (127.0.0.1) interface.  I don't know how much has changed in
the 1.3.x code drops but the hack needed to support localhost
operation is pretty straightforward in 1.2.8.

The file in question is network.c in the kdc sub-directory.  The
clause in question is as follows:

#ifdef IFF_LOOPBACK
            /* None of the current callers want loopback addresses. */
            if (ifreq.ifr_flags & IFF_LOOPBACK)
                goto skip;
#endif


If you surround the #ifdef IFF_LOOPBACK with an #ifdef 0/#endif pair to
disable the check and recompile you will have a KDC which operates on
the 127.0.0.1 or localhost interface.

IMPORTANT NOTE:

	Operating in this mode requires that you really understand how
	Kerberos works, especially with respect to naming services, i.e.
	DNS and name resolution.  Don't look to the list for too much
	help, be prepared to exert some elbow grease and figure out
	issues on your own dime.

	This check was also, obviously, put in for a reason.  Do not
	use a modified KDC when you are attached to a network or
	anything that is designed to be remotely secure.  This is a
	'you're on your own' hack for testing on a private and isolated
	machine.

Good luck with your work.

}-- End of excerpt from Mark Phalan

As always,
GW

The Hurderos Project - Open Identity and Authorization Management
------------------------------------------------------------------------------
"The price of reliability is the pursuit of the utmost simplicity."
                                -- C.A.R. Hoare
                                   1980 ACM Turing Award Lecture

