> I'am trying to make kerberos working inside a Linux Vserver > (http://linux-vserver.org/). Am using debian's version 1.3.6-5 of > kerberos. I have no idea how the vserver code alters the environment that would affect the Kerberos code's ability to see the local addresses it's allowed to use. Would you mind fetching and building 1.4.2 (or the 1.4.3 beta) from our web site (web.mit.edu/kerberos) and seeing if it has the same problem? Once you've built and installed it, you can also go into src/lib/krb5/os in your build tree and run "make t_localaddr" and "./t_localaddr"; that'll print some debug information while trying to look up the addresses on the network interfaces. (Depending on the version of Linux, glibc, etc., it either uses a C library call that's supposed to get them, or uses a bunch of fairly standard ioctl calls that usually do the right thing, but maybe that bit needs tweaking for vserver support.) > I suggest to allow users to bind krb5kdc server on a specific > interface with the addresses directive in the kdcdefaults section of > the kdc.conf file, like that: That might be a good idea, but we still need to solve the problem above.