Running KDC as non-root and dockerize KDC
Grant Taylor
gtaylor at tnetconsulting.net
Sat Jan 5 13:41:03 EST 2019

On 1/4/19 9:14 AM, Robbie Harwood wrote:
> The KDC and kadmin want several low-number ports, including 88, 749,
> and possibly 754.

It's possible (on Linux) to give utilities access to bind to ports below
1024 as a non-root user by adding the cap_net_bind_service capability via
the setcap command.

Aside: How well would Kerberos work if these services ran on a high
port and IPTables magic was used to redirect requests to the low ports
up to high ports?

--
Grant. . . .
unix || die
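
Added example, not part of the original message or of the krb5 project: the setcap approach from the message above, with a check that the running daemon ended up holding cap_net_bind_service and nothing else. The binary path /usr/sbin/krb5kdc and all function names are assumptions.

```shell
#!/bin/sh
# Added example. KDC_BIN is an assumed install path; adjust for your distro.
KDC_BIN="${KDC_BIN:-/usr/sbin/krb5kdc}"

# CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>.
CAP_NET_BIND_SERVICE_BIT=10

# Run once as root. File capabilities live in the security.capability
# xattr, so they are lost whenever a package upgrade replaces the binary.
# Any user able to execute the file gains the capability, so keep the
# execute bit limited to the service account.
grant_bind_cap() {
    setcap 'cap_net_bind_service=+ep' "$KDC_BIN" && getcap "$KDC_BIN"
}

# Read /proc/<pid>/status text on stdin and print the CapEff hex mask.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# Succeed only if the hex mask is exactly cap_net_bind_service.
only_bind_cap() {
    mask=$(( 0x$1 ))
    [ "$mask" -eq $(( 1 << $CAP_NET_BIND_SERVICE_BIT )) ]
}

# check_pid PID: 0 = only the bind capability, 1 = anything else
# (none, or more than intended, e.g. started as root), 2 = unreadable.
check_pid() {
    eff=$(cap_eff_from_status < "/proc/$1/status") || return 2
    [ -n "$eff" ] || return 2
    only_bind_cap "$eff"
}
```

After grant_bind_cap, start the daemon as the unprivileged service user and run check_pid with its PID; a non-zero result means the process is not running with the single capability intended.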