KDC does not accept requests through loopback interface

greg@enjellic.com greg at enjellic.com
Wed Feb 22 11:30:22 EST 2006


On Feb 20, 12:40pm, avillarrealpouw at netscape.net wrote:
} Subject: KDC does not accept requests through loopback interface

> Hello, group:

Good morning, hope your day is going well.

> I have been testing the Fedora distribution of Kerberos and tripped
> on a problem: after upgrading from Fedora core 3 to Fedora core 4 in
> my KDC the KDC stopped receiving requests for tickets through the
> loopback interface.

MIT stopped having their KDC listen on loopback a while ago.  It is
mildly irritating especially when doing laptop based development.

The following patch is against 1.4.3 but should pretty much fit
against 1.4.1.  Apply the patch and rebuild krb5kdc and you will be
able to use the loopback interface.

Cut here. -----------------------------------------------------------------
diff -urN v1.4.3/krb5-1.4.3/src/lib/krb5/os/localaddr.c krb5-1.4.3/src/lib/krb5/os/localaddr.c
--- v1.4.3/krb5-1.4.3/src/lib/krb5/os/localaddr.c	Wed Oct  6 18:51:21 2004
+++ krb5-1.4.3/src/lib/krb5/os/localaddr.c	Thu Nov 24 07:28:17 2005
@@ -584,6 +584,7 @@
 	    }
 	    /*@=moduncon@*/
 
+#if 0
 #ifdef IFF_LOOPBACK
 	    /* None of the current callers want loopback addresses.  */
 	    if (lifreq.lifr_flags & IFF_LOOPBACK) {
@@ -591,6 +592,7 @@
 		goto skip;
 	    }
 #endif
+#endif
 	    /* Ignore interfaces that are down.  */
 	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
 		Tprintf (("  down\n"));
@@ -972,12 +974,14 @@
 	}
 	/*@=moduncon@*/
 
+#if 0
 #ifdef IFF_LOOPBACK
 	/* None of the current callers want loopback addresses.  */
 	if (ifreq.ifr_flags & IFF_LOOPBACK) {
 	    Tprintf (("  loopback\n"));
 	    goto skip;
 	}
+#endif
 #endif
 	/* Ignore interfaces that are down.  */
 	if ((ifreq.ifr_flags & IFF_UP) == 0) {
And here.------------------------------------------------------------------

> Andres Villarreal.

Good luck with your efforts.

Have a good day.

}-- End of excerpt from avillarrealpouw at netscape.net

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"So you force loaded a 1.2.13 module into 2.1.21 and it broke.  Gee what
a surprise.  I bet loading DOS .COM files as modules doesn't work either."
                                -- Alan Cox



More information about the Kerberos mailing list