krb5 address checks and loopback connections

Sam Hartman hartmans at MIT.EDU
Tue Jul 9 13:05:00 EDT 2002

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> IMO, hosts should never accept incoming packets with
    Nicolas> source or destination loopback addresses. If a host does
    Nicolas> accept such packets then I would consider that a bug in
    Nicolas> the OS.

I think you're living in your own little universe on this one
unfortunately.  I agree the OS should deal, but many seem not to.

Ken and I talked off line yesterday.  Here's what I think we agreed to:

* Include Ken's fix because we cannot think of how it makes spoofing
  any worse except in localhost-only services.  If you have a
  localhost-only service and you haven't set up firewall rules or
  patched your OS to do spoof protection, then you are beyond help
  from a security standpoint.  Also, note that localhost Kerberos
  services do not actually work at all.

* Default to addressless tickets once the patch is integrated and

More information about the krbdev mailing list