Client and server on same machine
Dr. Greg Wettstein
greg at wind.enjellic.com
Tue Nov 25 14:59:28 EST 2003
On Nov 23, 1:06pm, Mark Phalan wrote:
} Subject: Re: Client and server on same machine
> > hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tsln0aofald.fsf at konishi-polis.mit.edu>...
> > The KDC cannot run on localhost. You can run everything on one
> > machine, but you need to use a real network interface and make sure
> > your clients talk to the kdc over that real network interface.
Actually you can run everything, for testing, on localhost but you
need a source code dive, at least in 1.2.8.
> I do not have (at this time) a network card. Is it possible to
> create a dummy network interface which is in fact localhost?
I do my development work on 1.2.8 on my laptop using only the
localhost (127.0.0.1) interface. I don't know how much has changed in
the 1.3.x code drops but the hack needed to support localhost
operation is pretty straight forward in 1.2.8.
The file in question is network.c in the kdc sub-directory. The
clause in question is as follows:
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses.
*/
if (ifreq.ifr_flags & IFF_LOOPBACK)
goto skip;
#endif
If you surround the #ifdef IFF_LOOPBACK with an #ifdef 0/#endif pair to
disable the check and recompile you will have a KDC which operates on
the 127.0.0.1 or localhost interface.
IMPORTANT NOTE:
Operating in this mode requires that you really understand how
Kerberos works, especially with respect to naming services, ie
DNS and name resolution. Don't look to the list for too much
help, be prepared to exert some elbow grease and figure out
issues on your own dime.
This check was also, obviously, put in for a reason. Do not
use a modified KDC when you are attached to a network or very
anything that is designed to be remotely secure. This is a
'your on your own' hack for testing on a private and isolated
machine.
Good luck with your work.
}-- End of excerpt from Mark Phalan
As always,
GW
The Hurderos Project - Open Identity and Authorization Management
------------------------------------------------------------------------------
"The price of reliability is the pursuit of the utmost simplicity."
-- C.A.R. Hoare
1980 ACM Turning Award Lecture
More information about the Kerberos
mailing list