Date: | Fri, 11 Nov 2005 21:05:06 +0100 |
From: | Christophe Nowicki <cscm@meuh.dyndns.org> |
To: | krb5-bugs@mit.edu |
Subject: | Kerberos does not work inside Linux vservers |
Hi,
I'am trying to make kerberos working inside a Linux Vserver
(http://linux-vserver.org/). Am using debian's version 1.3.6-5 of
kerberos.
My vserver has many network interfaces :
#/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.1 Bcast:192.168.42.255
Mask:255.255.255.0
...
eth0:cact Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.21 Bcast:192.168.42.255
Mask:255.255.255.0
...
eth0:kdc Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.27 Bcast:192.168.42.255
Mask:255.255.255.0
...
With the vserveur patch, programs are not able to bind to thoses
interfaces. There can bind only the current vserver interface
(192.168.42.27 in this case).
But krb5kdc, try to bind on *EVERY* network interface avalide :
Nov 11 19:39:08 kdc krb5kdc[13311]: setting up network...
Nov 11 19:39:08 kdc krb5kdc[13311]: skipping unrecognized local address
family 17
Nov 11 19:39:08 kdc krb5kdc[13311]: Cannot assign requested address -
Cannot bind server socket to port 88 address 192.168.42.1
^ this is the first network
interface
Nov 11 19:39:08 kdc krb5kdc[13311]: set up 0 sockets
Nov 11 19:39:08 kdc krb5kdc[13311]: no sockets set up?
krb5kdc fail to start.
I suggest to allow users to bind krb5kdc server on a specific
interface with the addresses directive in the kdcdefaults section of
the kdc.conf file, like that:
[kdcdefaults]
kdc_ports = 750,88
addresses = 192.168.42.27
Best Regards,
--
Nowicki Christophe
EPITECH Promo 2006
http://people.easter-eggs.org/~cnowicki/
I'am trying to make kerberos working inside a Linux Vserver
(http://linux-vserver.org/). Am using debian's version 1.3.6-5 of
kerberos.
My vserver has many network interfaces :
#/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.1 Bcast:192.168.42.255
Mask:255.255.255.0
...
eth0:cact Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.21 Bcast:192.168.42.255
Mask:255.255.255.0
...
eth0:kdc Link encap:Ethernet HWaddr 00:40:63:DC:ED:EE
inet addr:192.168.42.27 Bcast:192.168.42.255
Mask:255.255.255.0
...
With the vserveur patch, programs are not able to bind to thoses
interfaces. There can bind only the current vserver interface
(192.168.42.27 in this case).
But krb5kdc, try to bind on *EVERY* network interface avalide :
Nov 11 19:39:08 kdc krb5kdc[13311]: setting up network...
Nov 11 19:39:08 kdc krb5kdc[13311]: skipping unrecognized local address
family 17
Nov 11 19:39:08 kdc krb5kdc[13311]: Cannot assign requested address -
Cannot bind server socket to port 88 address 192.168.42.1
^ this is the first network
interface
Nov 11 19:39:08 kdc krb5kdc[13311]: set up 0 sockets
Nov 11 19:39:08 kdc krb5kdc[13311]: no sockets set up?
krb5kdc fail to start.
I suggest to allow users to bind krb5kdc server on a specific
interface with the addresses directive in the kdcdefaults section of
the kdc.conf file, like that:
[kdcdefaults]
kdc_ports = 750,88
addresses = 192.168.42.27
Best Regards,
--
Nowicki Christophe
EPITECH Promo 2006
http://people.easter-eggs.org/~cnowicki/
Message body not shown because it is not plain text.