Skip Menu |
 

Download (untitled) / with headers
text/plain 2.5KiB
From rbell@alumni.caltech.edu Mon Aug 26 13:32:04 2002
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3) with ESMTP
id NAA09441; Mon, 26 Aug 2002 13:32:04 -0400 (EDT)
From: rbell@alumni.caltech.edu
Received: from alumnus.caltech.edu (alumnus.caltech.edu [131.215.49.51])
by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id NAA14519
for <krb5-bugs@mit.edu>; Mon, 26 Aug 2002 13:32:03 -0400 (EDT)
Received: (from rbell@localhost)
by alumnus.caltech.edu (8.12.3/8.12.3) id g7QHW2Kf008996;
Mon, 26 Aug 2002 10:32:02 -0700 (PDT)
Date: Mon, 26 Aug 2002 10:32:02 -0700 (PDT)
Message-Id: <200208261732.g7QHW2Kf008996@alumnus.caltech.edu>
X-Authentication-Warning: alumnus.caltech.edu: Processed by rbell with -C /home/rbell/sendmail/sendmail.cf
To: krb5-bugs@mit.edu
Subject: using with loopback interface, IFF_LOOPBACK
Reply-To: rbell@alumni.caltech.edu

Submitter-Id: <none>
Originator: Russell Bell
Organization: <none>
Confidential: no
Synopsis: using loopback interface, IFF_LOOPBACK
Severity: non-critical
Priority: low
Category: krb5-build
Class: change-request
Release: 1.2.5
Environment: ibm thinkpad 380xd
System: linux 2.4.2
Machine: ibm thinkpad 380xd
Description:
I wanted to use kerberos on the loopback interface. I found
the IFF_LOOPBACK switch in kdc/network.c and
lib/krb5/os/localaddr.c. It switches on a piece of code that
causes Kerberos to ignore the loopback interface. I found
nothing that sets the switch. I put a comment in that
conditional part of network.c that prints the value of
IFF_LOOPBACK to the log. It comes out 8 no matter what I do,
even undefine IFF_LOOPBACK. I ended up commenting out that bit
of code in network.c and localaddr.c.

I live off-network. I go into town once a week at which time
I do some system administration for the Mono Lake Committee.
I set up and test the software I want to install at home
first. Kerberos 5 did not work on my computer alone unless I
installed the network card, something that took me a while to
figure out. I use a laptop computer and install the network
card only when I have a network to use because I get all my
electricity from my solar panels, so I conserve energy by all
tactics.

How-To-Repeat:
N/A
Fix:
Explain how to use IFF_LOOPBACK. Document that one must
undefine it to use the loopback interface. Perhaps make the
'no sockets set up?' message report that it does not work on
the loopback interface unless one undefines IFF_LOOPBACK.


russell bell
To: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking
Date: Mon, 26 Aug 2002 14:25:34 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc:


Hi. Unfortunately the Kerberos KDCs and servers require non-loopback
addresses to function properly.

This constraint comes from the protocol specification not from our implementation, so the code is correct as implemented.
Date: Mon, 26 Aug 2002 12:17:47 -0700 (PDT)
From: "Russell A. Bell" <rbell@alumni.caltech.edu>
To: rt-comment@krbdev.mit.edu
Subject: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking
RT-Send-Cc:
'Hi. Unfortunately the Kerberos KDCs and servers require
non-loopback addresses to function properly.'
'This constraint comes from the protocol specification not
from our implementation, so the code is correct as implemented.'
If I comment out the two bits of code that causes Kerberos to
ignore the loopback interface it works fine for me. I got all my
testing done at home and am ready to install it for the Committee.
I wanted to know how IFF_LOOPBACK stays set no matter what I
do to unset it. I don't see it set anywhere in the code.

russell bell
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1160] Kerberos requires non-loopback networking
From: Sam Hartman <hartmans@mit.edu>
Date: Mon, 26 Aug 2002 15:27:27 -0400
RT-Send-Cc:

the IF_LOOPBACK definition is a interface flag defined by system
header files. The code checks to see if it is defined to see whether
testing against that flag will produce a compiler error.