Hi. Unfortunately the Kerberos KDCs and servers require non-loopback addresses to function properly. This constraint comes from the protocol specification not from our implementation, so the code is correct as implemented.