kdc listening on too many interfaces
Steve Devine
sd at msu.edu
Sun Jun 7 17:16:26 EDT 2009
Quoting "Ken Raeburn" <raeburn at MIT.EDU>:
> On Jun 7, 2009, at 07:48, Steve Devine wrote:
>> Everything works fine and in theory I see no harm but still it seems wrong.
>> It seems like I ought to be able to disable listening on the backnet
>> interface.
>> Is this so or no?
>
> At present there is no way to control which IP addresses the KDC
> process listens on. (The message from Bjørn Tore Sun outlines how
> to select the port numbers and whether the KDC listens for TCP
> connections, but not a change in IP addresses.) It's assumed for
> now that all IP addresses may be advertised in DNS as belonging to
> the KDC (yes, we know it's not necessarily true), so we should
> listen just in case. The ability to listen on just some addresses
> has been requested, but so far hasn't made it far up the priority
> list, since it's generally harmless as you say, unless there's some
> reason you need the KDC to *not* listen on certain IP addresses.
>
> --
> Ken Raeburn / raeburn at mit.edu / no longer at MIT Kerberos Consortium
>
OK, thanks Ken. Good to know I'm not missing something; many attempts
at this in kdc.conf were getting me nowhere.
/sd
Steve Devine
Email & Storage
Academic Technology Services
Michigan State University
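
An added example, not part of the original thread: since the KDC discussed above cannot be told which addresses to bind, one way to see what it is actually listening on is to parse `ss -H -tuln` output and report port 88 sockets that are wildcard-bound or on addresses outside an approved list, so those interfaces can be filtered at the host firewall. The function name, the sample addresses, and the sample listing are assumptions constructed for illustration.

```python
import ipaddress

KDC_PORT = 88  # default Kerberos port; change if your kdc.conf uses another

# Constructed sample of `ss -H -tuln` output (not taken from the thread).
SAMPLE_SS = """\
udp   UNCONN 0      0        192.0.2.10:88        0.0.0.0:*
udp   UNCONN 0      0         10.20.0.5:88        0.0.0.0:*
udp   UNCONN 0      0         127.0.0.1:88        0.0.0.0:*
tcp   LISTEN 0      5           0.0.0.0:88        0.0.0.0:*
udp   UNCONN 0      0   [fe80::1]%eth1:88           [::]:*
tcp   LISTEN 0      128         0.0.0.0:22        0.0.0.0:*
"""


def unexpected_listeners(ss_text, allowed, port=KDC_PORT):
    """Return (proto, address, reason) for each socket on `port` that is
    bound to a wildcard address or to an address not in `allowed`."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # blank or malformed line
        proto, local = cols[0], cols[4]
        # The port is whatever follows the last colon (IPv6-safe).
        host, _, local_port = local.rpartition(":")
        if local_port != str(port):
            continue
        # Drop an interface scope ("%eth1") and IPv6 brackets.
        host = host.split("%", 1)[0].strip("[]")
        if host == "*":
            findings.append((proto, host, "wildcard"))
            continue
        ip = ipaddress.ip_address(host)
        if ip.is_unspecified:  # 0.0.0.0 or ::
            findings.append((proto, host, "wildcard"))
        elif ip not in allowed_ips:
            findings.append((proto, host, "not allowed"))
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS, ["192.0.2.10", "127.0.0.1"]):
        print(*finding)
```

On a live host, feed the function the real output of `ss -H -tuln` instead of the sample.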