MIT KDC only listening on lo
Sam Hartman
hartmans at MIT.EDU
Thu Sep 23 13:49:06 EDT 2004
>>>>> "Fredrik" == Fredrik Tolf <fredrik at dolda2000.com> writes:

>> This comes up often enough that I'm thinking we should
>> reconsider our decision not to listen on localhost.

Fredrik> Would you mind me asking why you made that decision in
Fredrik> the first place? I can see no obvious reason for it.

If you are using IP addresses in your tickets, you want to make sure
that you never talk to the KDC on localhost. Also, you want to make
sure you never include localhost in the set of addresses in your
ticket. I think we use the same API to find local addresses to
include in tickets as we do to find local interfaces.

--Sam