[krbdev.mit.edu #8531] KDC/kadmind may fail to start on IPv4-only systems
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Dec 26 13:55:23 EST 2016
The 1.15 net-server.c code was written with the assumption that on an
IPv4-only system, getaddrinfo(NULL, ...) will return only an IPv4
wildcard address. According to discussion in ticket 8530, this is not
the case; we may get an IPv6 wildcard address as well, and binding to
that address can give an EAFNOSUPPORT error. (I assume the
EAFNOSUPPORT occurs because there is no IPv6 loopback address, not
because the kernel was confgured without IPv6 support, but I'm not
certain.)
Specifying AI_ADDRCONFIG in hints at first seems like it might work
around this problem, but (at least in glibc) AI_ADDRCONFIG does not
respect loopback addresses, and we want to accept connections on
loopback. So using AI_ADDRCONFIG is probably not a good idea.
A better workaround is to tolerate EAFNOSUPPORT errors when setting up
sockets, as long as we can bind to at least one address returned by
gettadrinfo().
More information about the krb5-bugs
mailing list