Project Review: kinit -C

Greg Hudson ghudson at MIT.EDU
Fri Sep 17 10:42:53 EDT 2010


On Fri, 2010-09-17 at 07:58 -0400, John Hascall wrote:
> I'm wondering why this would be.  I'm thinking this isn't much more
> than a config file and/or command line option a la '-i eth0' and
> an if-statement here or there.  In fact, even in the absence of
> multiple KDCs I would think restricting which interface you would
> talk to might be a good thing.

Feel free to take a look at kdc/main.c and lib/apputils/net-server.c and
decide where you'd put the if statement here or there. :)  I don't think
it's impossible, but what we have right now is already kind of an
octopus.

> Also, perhaps I haven't been paying close enough attention, but what is
> the use case for adding the complexity of automatically dealing with
> network reconfiguration?  For example, our KDCs have had the same
> IP addresses for over 20 years, so for us at least, I'm not seeing a value.

The real-world use case is mini-KDCs running on laptops or other
DHCP-configured computers.  Obviously these are not traditional KDCs
serving whole organizations, but see http://support.apple.com/kb/TS1452
for instance.

Sam also came up with a use case involving a KDC running on a
hypervisor, but after discussion it sounds like the guests would still
all be using the same address (though not the same interface) to talk to
the KDC, so no rebinding is necessary.




