Running KDC as non-root and dockerize KDC

Grant Taylor gtaylor at tnetconsulting.net
Sat Jan 5 13:41:03 EST 2019


On 1/4/19 9:14 AM, Robbie Harwood wrote:
> The KDC and kadmin want several low-number ports, including 88, 749, 
> and possibly 754.

It's possible (on Linux) to give utilities access to bind to ports below 
1024 as a non-root user by adding the cap_net_bind_service capability via 
the setcap command.

Aside:  How well would Kerberos work if these services ran on a high 
port and IPTables magic was used to redirect requests to the low ports 
up to high ports?



-- 
Grant. . . .
unix || die
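
One way to apply and verify the setcap approach described in the message above, as an added example that is not part of the original post. The function names and the /usr/sbin/krb5kdc path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The binary path is an
# assumption; krb5kdc lives in different places on different distros.

# has_bind_cap LINE
# LINE is one line of `getcap` output. Succeeds only if it grants
# cap_net_bind_service in both the effective and permitted sets, which a
# daemon that is not capability-aware needs in order to bind a low port.
# Both output styles are accepted:
#   older libcap: /path = cap_net_bind_service+ep
#   newer libcap: /path cap_net_bind_service=ep
has_bind_cap() {
    caps=${1#* }       # drop the file name (paths with spaces unsupported)
    caps=${caps#= }    # drop the "= " separator printed by older libcap
    for clause in $caps; do
        names=${clause%%[=+-]*}    # capability list before the operator
        flags=${clause#"$names"}   # operator plus flag letters, e.g. "+ep"
        case ",$names," in
            # An empty list or "all" means every capability.
            *,cap_net_bind_service,*|,,|,all,)
                case $flags in
                    *e*p*|*p*e*) return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# grant_bind_cap BINARY
# Must run as root. Sets the file capability, then re-reads it to confirm.
grant_bind_cap() {
    setcap 'cap_net_bind_service=+ep' "$1" || return 1
    has_bind_cap "$(getcap "$1")"
}

# Usage: sh thisfile --grant /usr/sbin/krb5kdc
if [ "${1:-}" = "--grant" ] && [ -n "${2:-}" ]; then
    if grant_bind_cap "$2"; then
        echo "$2 can bind ports below 1024 without root"
    else
        echo "failed to set cap_net_bind_service on $2" >&2
        exit 1
    fi
fi
```

File capabilities are stored in an extended attribute on the binary, so a package upgrade that replaces the file drops them; re-run the check after upgrades.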
