[krbdev.mit.edu #6369] lib/rpc should have way to register with secure rpcbind using unix domain socket
Ezra Peisach via RT
rt-comment at krbdev.mit.edu
Thu Feb 5 14:05:16 EST 2009
Under fedora 10 and other OS's - portmap has been replaced by rpcbind.
Security considerations have "improved" - requiring a loopback socket
and a reserved port (<1024) unless certain flags are given.
Looking at the sources for rpcbind - there is now support for a unix
domain socket connection - which is known to be local - and does not
therefore require a reserved port.
Either the rpc layer should be replaced with a newer implementation or
the library could be shoehorned to attempt to use a unix domain socket
if present.
More information about the krb5-bugs
mailing list