kdc listening on too many interfaces
Bjørn Tore Sund
bjorn.sund at it.uib.no
Sun Jun 7 10:54:33 EDT 2009
Steve Devine wrote:
> Running Kerberos 5 release 1.6.3 on a new server - we have a backnet
> interface for Backups. When I start the kdc I see this in the logs:
>
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): setting up network...
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): skipping unrecognized
> local address family 17
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): skipping unrecognized
> local address family 17
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 8: udp
> MainIPAddress.88
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 9: udp
> MainIPAddress.750
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 10: udp
> BackNetIPAddress.88
> Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 11: udp
> BackNetIPAddress.750
>
> Everything works fine and in theory I see no harm but still it seems wrong.
> It seems like I ought to be able to disable listening on the backnet
> interface.
> Is this so or no?
> Lots of Googling has so far revealed nothing.
You need the man page. But briefly, in the [kdcdefaults] section of
kdc.conf, set kdc_ports to the port number(s) you want to listen to.
Note that in order to enable listening to tcp connections, you need to
specifically set kdc_tcp_ports to 88.
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund at it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
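
One way to confirm which sockets the KDC bound after editing kdc.conf, as an added example that is not part of the original thread: it parses krb5kdc startup lines in the format quoted above and flags listeners outside an expected set. The IP addresses, the sample log (with the placeholder names replaced by constructed addresses) and the function names are assumptions made for illustration.

```python
import re

# Matches krb5kdc startup lines such as:
#   "... krb5kdc[5761](info): listening on fd 8: udp 192.0.2.10.88"
# The address and port are joined by a dot, so the port is the last dotted field.
LISTEN_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): listening on fd \d+: (?P<proto>udp|tcp) "
    r"(?P<addr>\S+)\.(?P<port>\d+)\s*$"
)

def parse_listeners(log_text):
    """Return a sorted list of (proto, addr, port) the KDC reported binding."""
    found = set()
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            found.add((m["proto"], m["addr"], int(m["port"])))
    return sorted(found)

def unexpected_listeners(log_text, allowed_addrs, allowed_ports):
    """Listeners whose address or (proto, port) pair is outside the expected set."""
    return [
        (proto, addr, port)
        for proto, addr, port in parse_listeners(log_text)
        if addr not in allowed_addrs or (proto, port) not in allowed_ports
    ]

# Constructed sample: same shape as the log in the thread, with made-up addresses
# (192.0.2.10 standing in for the main interface, 10.0.0.10 for the backup network).
SAMPLE_LOG = """\
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): setting up network...
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): skipping unrecognized local address family 17
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 8: udp 192.0.2.10.88
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 9: udp 192.0.2.10.750
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 10: udp 10.0.0.10.88
Jun 07 00:21:59 afsdb0 krb5kdc[5761](info): listening on fd 11: udp 10.0.0.10.750
"""

if __name__ == "__main__":
    # Expected state (assumed): main interface only, Kerberos on port 88 over udp/tcp.
    flagged = unexpected_listeners(
        SAMPLE_LOG,
        allowed_addrs={"192.0.2.10"},
        allowed_ports={("udp", 88), ("tcp", 88)},
    )
    for proto, addr, port in flagged:
        print(f"unexpected KDC listener: {proto} {addr} port {port}")
```
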