KDC does not accept requests through loopback interface

avillarrealpouw@netscape.net avillarrealpouw at netscape.net
Mon Feb 20 12:40:00 EST 2006


Hello, group:
 
I have been testing the Fedora distribution of Kerberos and tripped on a problem: after upgrading from Fedora Core 3 to Fedora Core 4 in my KDC, the KDC stopped receiving requests for tickets through the loopback interface.
 
This means that I cannot run "kinit" or "kadmin" from the KDC (only "kadmin.local"), which in turn means that I have not been able to set automatic propagation to the slave KDCs.
 
Using a network analyzer I verified that when "kinit" is run an AS request is sent through the loopback interface (address 127.0.0.1) and a "port unavailable" message is returned by TCP/IP.
 
Credentials are being delivered without problem to other computers (the request is serviced through the Ethernet port) and everything else works fine in both Fedora Core 3 and Core 4.
 
Fedora Core 4 comes with version 1.4.1 of Kerberos, while Fedora Core 3 comes with 1.3.4.
 
Questions:
- Is this a security feature, a design characteristic or a bug?
- Is there a workaround or a specific manual chapter I should be reading?
 
Since I am in the testing phase, I am not worried about any potential security loopholes that might be created by re-opening the ports on the loopback interface.
 
Thank you very much,
 
Andres Villarreal.