Running KDC as non-root and dockerize KDC

Yegui Cai caiyegui at gmail.com
Mon Jan 7 12:31:03 EST 2019


Hi Robbie.

I ran into the case where the privileged ports are not allowed to be
bound. Do you know how I can work around this?

Thanks,
YC

On Fri, Jan 4, 2019 at 11:14 AM Robbie Harwood <rharwood at redhat.com> wrote:

> Yegui Cai <caiyegui at gmail.com> writes:
>
> > Hi all.
> >
> > This can be two threads but I have the following two questions at the
> > same time.
> >
> > 1. Can we run KDC as a non-root user? Meaning is it required to run KDC
> > as root?
>
> The KDC and kadmin want several low-number ports, including 88, 749, and
> possibly 754.  They also need permissions set up correctly in order to
> access the datastore.  Modifying these permissions requires some care to
> avoid circumventing any additional protections your system may already
> have (e.g., SELinux).  I'm not aware of other potential issues.
>
> > 2. Are there any official Docker images for KDC? Or any plan to have
> > one?
>
> The FreeIPA project has container images for the server:
> https://www.freeipa.org/page/Docker (note that this includes more than
> just a KDC, though).
>
> I'm not aware of anyone else distributing images, but there's nothing
> that stops you from setting it up in a container.
>
> Thanks,
> --Robbie
>
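
The check below is an added example, not part of the thread or of any Kerberos project code. It shows how to confirm, as the account that will run the KDC, whether the ports named in the reply (88, 749, 754) can be bound. Assumptions: a Linux host for the sysctl path, loopback binding, and the function names, which are hypothetical.

```python
import errno
import socket

# Ports named in the reply above.
KDC_PORTS = (88, 749, 754)


def probe_bind(port, kind=socket.SOCK_STREAM, host="127.0.0.1"):
    """Try to bind host:port; return 'ok', 'denied', 'in-use' or 'error:<name>'."""
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except PermissionError:
            # EACCES: the caller lacks the privilege to bind this port.
            return "denied"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in-use"
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "ok"


def unprivileged_port_start(path="/proc/sys/net/ipv4/ip_unprivileged_port_start"):
    """Linux: lowest port bindable without CAP_NET_BIND_SERVICE, or None if unknown."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def report(ports=KDC_PORTS):
    """Probe each port over TCP and UDP; return (port, proto, status) tuples."""
    rows = []
    for port in ports:
        for name, kind in (("tcp", socket.SOCK_STREAM), ("udp", socket.SOCK_DGRAM)):
            rows.append((port, name, probe_bind(port, kind)))
    return rows


if __name__ == "__main__":
    print("ip_unprivileged_port_start:", unprivileged_port_start())
    for port, proto, status in report():
        print(f"{port}/{proto}: {status}")
```

A `denied` result means the account cannot bind that port; `in-use` means another process already holds it, which is a different problem from missing privilege.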

