krb5kdc: No such device - Cannot bind server socket to port 88

Ken Raeburn raeburn at MIT.EDU
Wed Jun 22 17:44:32 EDT 2005


On Jun 22, 2005, at 16:59, Jim Pharis wrote:
> My kdc will not start. I get an error message in my kdc log file...
>
> krb5kdc[11331](info): listening on fd 7: udp 192.168.0.1.88
> krb5kdc[11331](info): listening on fd 8: udp 192.168.0.1.750
> krb5kdc: No such device - Cannot bind server socket to port 88 address
> fe88::20f:1fff:feb2:b9c7%253

I've seen the reports, but don't know the cause yet...

Could you try dropping in some code like this just before the call to 
bind in kdc/network.c and see if it changes anything?

   if (addr->sa_family == AF_INET6) {
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) addr;
     com_err(data->prog, 0, "zapping scope %d to 0", 
sin6->sin6_scope_id);
     sin6->sin6_scope_id = 0;
   }

It does seem interesting that all the reports I've seen involve unusual 
addresses.  Yours and one other concerned link-local addresses 
(fe80::/10), and one more listed an fd80:: address (an unassigned 
block, I think) in the report.  Since we're supposed to be filtering 
out link-local addresses, this address shouldn't have been used in this 
part of the code.

Please let me know what "grep ifaddrs config.cache" in the "src" 
directory of your build tree shows.  We've got (at least) two different 
code paths that could be used for getting the address list, and one of 
them clearly isn't doing the filtering that it ought to.

> I'm running Ubuntu Hoary. Is the KDC trying to bind to the ip6 address?

Yes, we try to bind to all local ipv4 and ipv6 addresses separately.  
(There's another approach that could use just one socket for all IPv6 
traffic, and carry the address info separately, but we're not using it 
yet.)

Ken



More information about the Kerberos mailing list