Subject: Loopback addresses excluded when setting up UDP listening sockets without pktinfo

If IPv4 or IPv6 pktinfo is unavailable, we set up a UDP listener socket
on each interface address so that we can send reply packets from the same
address they were sent to. This is done using krb5int_foreach_localaddr.

krb5int_foreach_localaddr is also used by krb5_os_localaddr, which is
used for ticket address restrictions. As such, it excludes loopback
interfaces, per RFC 4120 section 7.1. But there is no reason to exclude
loopback interfaces when setting up KDC and kadmind listener sockets.

This restriction would break most test setups under Linux, except that
Linux has IPv4 pktinfo support.
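
The effect described in this ticket, as an added example that is not MIT krb5 code: one UDP socket is bound per local address, once with the loopback filter that suits ticket address lists and once without it. The helper name `bind_per_address` is hypothetical, and `getifaddrs` stands in for `krb5int_foreach_localaddr`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes the IFF_* flags under strict -std modes */
#endif
#include <stdio.h>
#include <unistd.h>
#include <ifaddrs.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper: bind one UDP socket (ephemeral port) per local
 * IPv4/IPv6 address, as a listener without pktinfo must.  Returns the
 * number of sockets bound, or -1 if address enumeration fails. */
static int bind_per_address(int include_loopback)
{
    struct ifaddrs *list, *ifa;
    int bound = 0;

    if (getifaddrs(&list) != 0)
        return -1;
    for (ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
        socklen_t len;
        int fd, family;

        if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP))
            continue;
        family = ifa->ifa_addr->sa_family;
        if (family == AF_INET)
            len = sizeof(struct sockaddr_in);
        else if (family == AF_INET6)
            len = sizeof(struct sockaddr_in6);
        else
            continue;
        /* This filter is right for ticket address lists, wrong for listeners. */
        if (!include_loopback && (ifa->ifa_flags & IFF_LOOPBACK))
            continue;
        fd = socket(family, SOCK_DGRAM, 0);
        if (fd < 0)
            continue;
        /* Assumes the enumerated address carries port 0, so the kernel picks one. */
        if (bind(fd, ifa->ifa_addr, len) == 0)
            bound++;
        close(fd);
    }
    freeifaddrs(list);
    return bound;
}

int main(void)
{
    printf("loopback excluded: %d sockets\n", bind_per_address(0));
    printf("loopback included: %d sockets\n", bind_per_address(1));
    return 0;
}
```

On a host with a configured loopback interface, the second count is larger: with the filter on, nothing is listening on 127.0.0.1 or ::1, so a client on the same machine that targets those addresses gets no reply.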