krb5kdc open ports

greg@enjellic.com greg at enjellic.com
Wed Jun 21 11:05:33 EDT 2006 

On Jun 16,  9:35pm, Michael B Allen wrote:
} Subject: krb5kdc open ports

Good morning to everyone, hope your week is going well.

> How can I get krb5kdc to listen on loopback?

Apply the following patch to a v1.4.3 source tree and use the new
krb5kdc binary.

Good luck with your project.

Greg

---------------------------------------------------------------------------
diff -urN v1.4.3/krb5-1.4.3/src/lib/krb5/os/localaddr.c krb5-1.4.3/src/lib/krb5/os/localaddr.c
--- v1.4.3/krb5-1.4.3/src/lib/krb5/os/localaddr.c	Wed Oct  6 18:51:21 2004
+++ krb5-1.4.3/src/lib/krb5/os/localaddr.c	Thu Nov 24 07:28:17 2005
@@ -584,6 +584,7 @@
 	    }
 	    /*@=moduncon@*/
 
+#if 0
 #ifdef IFF_LOOPBACK
 	    /* None of the current callers want loopback addresses.  */
 	    if (lifreq.lifr_flags & IFF_LOOPBACK) {
@@ -591,6 +592,7 @@
 		goto skip;
 	    }
 #endif
+#endif
 	    /* Ignore interfaces that are down.  */
 	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
 		Tprintf (("  down\n"));
@@ -972,12 +974,14 @@
 	}
 	/*@=moduncon@*/
 
+#if 0
 #ifdef IFF_LOOPBACK
 	/* None of the current callers want loopback addresses.  */
 	if (ifreq.ifr_flags & IFF_LOOPBACK) {
 	    Tprintf (("  loopback\n"));
 	    goto skip;
 	}
+#endif
 #endif
 	/* Ignore interfaces that are down.  */
 	if ((ifreq.ifr_flags & IFF_UP) == 0) {
---------------------------------------------------------------------------


> Thanks,
> Mike

}-- End of excerpt from Michael B Allen

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"Some of them are.  A surprising number aren't.  A personal favorite of
mine was the log from a cracker who couldn't figure out how to untar
and install the trojan package he'd ftped onto the machine.  He tried a
few times, and then eventually gave up and logged out."
                                -- Nat Lanza

More information about the Kerberos mailing list