Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.9.3p2) with ESMTP id TAA10594; Wed, 16 Nov 2005 19:16:02 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.12.4/8.9.2) with ESMTP id jAH0G0YB017395; Wed, 16 Nov 2005 19:16:00 -0500 (EST) Received: from [18.18.1.160] (NOME-KING.MIT.EDU [18.18.1.160]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id jAH0Fuvi025296 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Wed, 16 Nov 2005 19:15:57 -0500 (EST) In-Reply-To: References: MIME-Version: 1.0 (Apple Message framework v734) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Ken Raeburn Subject: Re: [krbdev.mit.edu #3237] Kerberos does not work inside Linux vservers Date: Wed, 16 Nov 2005 19:15:55 -0500 To: rt-comment@krbdev.mit.edu X-Mailer: Apple Mail (2.734) X-Spam-Score: 1.217 X-Spam-Level: * (1.217) X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 1088 On Nov 16, 2005, at 17:07, Christophe Nowicki via RT wrote: > Here is the output : Thanks! That output looks good. Well, maybe... did you run it in the same vserver environment that the KDC would run in? I'm guessing that, in that case, we would only want to return one address. It sort of depends -- does the vserver environment hide the other addresses, or just not permit you access to them? If you run the 1.4.2 KDC in the vserver environment, does it bind to the correct addresses? > The first interfaces (--> family 17 ai_family not supported>) > Seams to be the loopback interface. According to my Linux system headers, it's the "packet family" address type, which I'm not at all familiar with. The loopback interface should be probed, the "loopback" flag found, and the address dropped from the list before it's printed. (Maybe I should've had you turn on the DEBUG flag when building, that might've produced a little more output. Though looking at the code, there's one major path where DEBUG doesn't add anything.) Ken