Received: from mail.csquad.lan (che77-1-82-238-24-27.fbx.proxad.net [82.238.24.27]) by krbdev.mit.edu (8.9.3p2) with ESMTP id SAA16916; Sat, 24 Jun 2006 18:16:43 -0400 (EDT) From: cscm@meuh.dyndns.org Received: from localhost (localhost [127.0.0.1]) by mail.csquad.lan (Postfix) with ESMTP id 679C64472E for ; Sun, 25 Jun 2006 00:15:48 +0200 (CEST) Received: from mail.csquad.lan ([192.168.42.7]) by localhost (mail [192.168.42.7]) (amavisd-new, port 10024) with ESMTP id 13839-04 for ; Sun, 25 Jun 2006 00:15:44 +0200 (CEST) Received: from mail.csquad.lan (localhost [127.0.0.1]) by mail.csquad.lan (Postfix) with ESMTP id 35FDF444AE for ; Sun, 25 Jun 2006 00:15:44 +0200 (CEST) Received: from 192.168.42.253 (SquirrelMail authenticated user cscm) by mail.csquad.lan with HTTP; Sun, 25 Jun 2006 00:15:44 +0200 (CEST) Message-Id: <57081.192.168.42.253.1151187344.squirrel@mail.csquad.lan> In-Reply-To: References: Date: Sun, 25 Jun 2006 00:15:44 +0200 (CEST) Subject: Re: [krbdev.mit.edu #3237] Kerberos does not work inside Linux vservers To: rt-comment@krbdev.mit.edu User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at meuh.dyndns.org RT-Send-Cc: X-RT-Original-Encoding: iso-8859-1 Content-Length: 2590 Hi Ken, > I'm sorry about the delay in getting back to you -- I accidentally sent > my reply to the email address for filing the response with the bug > report but *not* sending a copy back to the original reporter of the > problem, and didn't notice for quite some time.... No problem. >> > Here is the output : >> >> Thanks! That output looks good. Well, maybe... did you run it in >> the same vserver environment that the KDC would run in? Yes, >> I'm guessing >> that, in that case, we would only want to return one address. It >> sort of depends -- does the vserver environment hide the other >> addresses, or just not permit you access to them? The vserver does not hide the other interfaces : #/sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:11:95:25:DB:0C inet addr:192.168.42.1 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:48066286 errors:0 dropped:0 overruns:0 frame:0 TX packets:51623403 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:196681514 (187.5 MiB) TX bytes:471795406 (449.9 MiB) Interrupt:177 Base address:0xc00 eth0:cact Link encap:Ethernet HWaddr 00:11:95:25:DB:0C inet addr:192.168.42.21 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:177 Base address:0xc00 eth0:cfg Link encap:Ethernet HWaddr 00:11:95:25:DB:0C inet addr:192.168.42.15 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:177 Base address:0xc00 eth0:dist Link encap:Ethernet HWaddr 00:11:95:25:DB:0C inet addr:192.168.42.62 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:177 Base address:0xc00 ... But you can't bind on other interfaces, If you process is running in vserver 'a' you can see interface of vserver 'b' but you can bind on b:88 (you can only bind on a:88). The strange thin about kdc, is that he try to bind only on the first interface and fail to setup network : Jun 25 00:13:20 kdc krb5kdc[4311]: Cannot assign requested address - Cannot bind server socket to port 88 address 192.168.42.1 Jun 25 00:13:20 kdc krb5kdc[4311]: set up 0 sockets Jun 25 00:13:20 kdc krb5kdc[4311]: no sockets set up? >> >> If you run the 1.4.2 KDC in the vserver environment, does it bind to >> the correct addresses? I've upgraded to KDC version 1.4.3. Best Regards,