Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable X-RT-Original-Encoding: us-ascii Content-Length: 2192 On Tue, Nov 15, 2005 at 09:08:20PM -0500, Ken Raeburn via RT wrote: > > I'am trying to make kerberos working inside a Linux Vserver > > (http://linux-vserver.org/). Am using debian's version 1.3.6-5 of > > kerberos. > > I have no idea how the vserver code alters the environment that would > affect the Kerberos code's ability to see the local addresses it's > allowed to use. Would you mind fetching and building 1.4.2 (or the > 1.4.3 beta) from our web site (web.mit.edu/kerberos) and seeing if it > has the same problem? I've build version 1.4.2. > Once you've built and installed it, you can also > go into src/lib/krb5/os in your build tree and run "make t_localaddr" > and "./t_localaddr"; Here is the output : kdc:~/krb5-1.4.2/src/lib/krb5/os# ./t_localaddr --> family 17 --> family 2 addr 192.168.42.1 --> family 2 addr 192.168.42.21 --> family 2 addr 192.168.42.15 --> family 2 addr 192.168.42.62 --> family 2 addr 192.168.42.27 --> family 2 addr 192.168.42.18 --> family 2 addr 192.168.42.13 --> family 2 addr 192.168.42.22 --> family 2 addr 192.168.42.17 --> family 2 addr 192.168.42.14 --> family 2 addr 192.168.42.6 return value = 0 The first interfaces (--> family 17 ) Seams to be the loopback interface. > that'll print some debug information while trying > to look up the addresses on the network interfaces. (Depending on the > version of Linux, glibc, etc., it either uses a C library call that's > supposed to get them, or uses a bunch of fairly standard ioctl calls > that usually do the right thing, but maybe that bit needs tweaking for > vserver support.) > > > > I suggest to allow users to bind krb5kdc server on a specific > > interface with the addresses directive in the kdcdefaults section of > > the kdc.conf file, like that: > > That might be a good idea, but we still need to solve the problem above. If you need more help/informations, just ask. Best Regards, > -- Nowicki Christophe EPITECH Promo 2006 http://people.easter-eggs.org/~cnowicki/