KDC does not accept requests through loopback interface
avillarrealpouw@netscape.net
Mon Feb 20 12:40:00 EST 2006
Hello, group:
I have been testing the Fedora distribution of Kerberos and tripped on a problem: after upgrading from Fedora Core 3 to Fedora Core 4 in my KDC, the KDC stopped receiving requests for tickets through the loopback interface.
This means that I cannot run "kinit" or "kadmin" from the KDC (only "kadmin.local"), which in turn means that I have not been able to set automatic propagation to the slave KDCs.
Using a network analyzer, I verified that when "kinit" is run, an AS request is sent through the loopback interface (address 127.0.0.1) and a "port unavailable" message is returned by TCP/IP.
Credentials are being delivered without problem to other computers (the request is serviced through the Ethernet port) and everything else works fine in both Fedora Core 3 and Core 4.
Fedora Core 4 comes with version 1.4.1 of Kerberos, while Fedora Core 3 comes with 1.3.4.
Questions:
- Is this a security feature, a design characteristic or a bug?
- Is there a workaround or a specific manual chapter I should be reading?
Since I am in the testing phase, I am not worried about any potential security loopholes that might be created by re-opening the ports on the loopback interface.
Thank you very much,
Andres Villarreal.
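
A diagnostic for the symptom described above, added here as an example and not part of the original message: it reads `ss -tuln` output and reports which local addresses have a given protocol and port bound, and whether a client connecting to 127.0.0.1 would find a listener. The function name `loopback_coverage` and both sample listings are constructed for illustration; port 88 is the standard Kerberos port.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# Reads a socket listing in `ss -tuln` format on stdin and reports, for one
# protocol/port pair, the bound local addresses and whether 127.0.0.1 is covered.
loopback_coverage() {
    proto=$1 port=$2
    awk -v proto="$proto" -v port="$port" '
        $1 == proto {                     # the header line never matches a protocol name
            la = $5                       # "Local Address:Port" column
            n = match(la, /:[0-9]+$/)     # split at the last colon (IPv6-safe)
            if (!n || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            sub(/%.*$/, "", addr)         # drop a "%iface" suffix if present
            bound = bound (bound ? "," : "") addr
            # 0.0.0.0 and * are wildcards; 127.0.0.0/8 is loopback itself.
            # An IPv6-only wildcard "[::]" is deliberately not counted.
            if (addr == "0.0.0.0" || addr == "*" || addr ~ /^127\./) covered = 1
        }
        END {
            if (bound == "") bound = "none"
            printf "%s/%s loopback=%s bound=%s\n", proto, port, (covered ? "yes" : "no"), bound
        }'
}

# Constructed sample: the service is bound only to the Ethernet address
# (192.0.2.10 is a documentation address, not taken from the post).
SAMPLE_ETH_ONLY='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.0.2.10:88 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: the service is bound to the wildcard address.
SAMPLE_WILDCARD='udp UNCONN 0 0 0.0.0.0:88 0.0.0.0:*'

printf '%s\n' "$SAMPLE_ETH_ONLY" | loopback_coverage udp 88
printf '%s\n' "$SAMPLE_WILDCARD" | loopback_coverage udp 88
# On a live host: ss -tuln | loopback_coverage udp 88
```

A result of `loopback=no` with a non-loopback address under `bound=` matches the behaviour in the post, where remote clients are served but requests to 127.0.0.1 are refused.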