[krbdev.mit.edu #3237] Kerberos does not work inside Linux vservers

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Tue Nov 15 21:08:21 EST 2005


> I'm trying to make Kerberos work inside a Linux Vserver
> (http://linux-vserver.org/). I am using Debian's version 1.3.6-5 of
> Kerberos.

I have no idea how the vserver code alters the environment that would
affect the Kerberos code's ability to see the local addresses it's
allowed to use.  Would you mind fetching and building 1.4.2 (or the
1.4.3 beta) from our web site (web.mit.edu/kerberos) and seeing if it
has the same problem?  Once you've built and installed it, you can also
go into src/lib/krb5/os in your build tree and run "make t_localaddr"
and "./t_localaddr"; that'll print some debug information while trying
to look up the addresses on the network interfaces.  (Depending on the
version of Linux, glibc, etc., it either uses a C library call that's
supposed to get them, or uses a bunch of fairly standard ioctl calls
that usually do the right thing, but maybe that bit needs tweaking for
vserver support.)


> I suggest allowing users to bind the krb5kdc server to a specific
> interface with the addresses directive in the kdcdefaults section of
> the kdc.conf file, like that:

That might be a good idea, but we still need to solve the problem above.

