Subject: Re: behavior of krb5_get_all_server_addrs()
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-crypto
Date: 12/01/2000 20:19:05

On Fri, Dec 01, 2000 at 11:11:48PM -0500, Bill Sommerfeld wrote:

 > You need to bind to all the interface addresses in order to assure
 > that KDC replies come from the address they were sent to.
 > 
 > At least some Kerberos implementations verify that responses are
 > received with a source address equal to the address of the KDC.
 > 
 > If the KDC is multi-homed, binding to all of the machine's addresses
 > individually is the only vaguely portable way to know which address a
 > packet was sent to.

Okay, that works for me.  I'll re-work that function to work properly
with NetBSD.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>
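
The per-address binding discussed in this thread, as an added example that is not part of the original messages or of the krb5 source: one UDP socket is bound to each local IPv4 address, and a client-side check confirms that the reply's source equals the address the request was sent to. The function names, the IPv4-only scope, the kernel-chosen port (a KDC would use its service port) and the 2-second timeout are assumptions of this sketch.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind one UDP socket per local IPv4 address instead of one INADDR_ANY socket.
 * Port 0 (kernel-chosen) is a demo assumption; returns the count bound, -1 on error. */
int bind_each_addr(int *fds, struct sockaddr_in *addrs, int max)
{
    struct ifaddrs *list, *p;
    int n = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (p = list; p != NULL && n < max; p = p->ifa_next) {
        if (p->ifa_addr == NULL || p->ifa_addr->sa_family != AF_INET) continue;
        struct sockaddr_in sin;
        socklen_t len = sizeof sin;
        memcpy(&sin, p->ifa_addr, sizeof sin);
        sin.sin_port = 0;
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0) continue;
        if (bind(fd, (struct sockaddr *)&sin, sizeof sin) != 0 ||
            getsockname(fd, (struct sockaddr *)&sin, &len) != 0) { close(fd); continue; }
        fds[n] = fd; addrs[n] = sin; n++;   /* sin now carries the port actually bound */
    }
    freeifaddrs(list);
    return n;
}

/* Send a request to dst and answer it from srv, the socket bound to dst. Returns 1 if
 * the reply's source equals the address the request was sent to, 0 if not, -1 on error. */
int reply_source_matches(int srv, const struct sockaddr_in *dst)
{
    char buf[8];
    struct sockaddr_in peer, from;
    socklen_t plen = sizeof peer, flen = sizeof from;
    struct timeval tmo = { 2, 0 };          /* bounded wait so the demo cannot hang */
    int ok = -1, cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (cli < 0) return -1;
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);
    if (sendto(cli, "req", 3, 0, (const struct sockaddr *)dst, sizeof *dst) == 3 &&
        recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&peer, &plen) == 3 &&
        sendto(srv, "rep", 3, 0, (struct sockaddr *)&peer, plen) == 3 &&
        recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) == 3)
        ok = from.sin_addr.s_addr == dst->sin_addr.s_addr && from.sin_port == dst->sin_port;
    close(cli);
    return ok;
}
```

Because each socket is bound to a specific address, the socket a request arrives on identifies the destination address, and a reply sent from that same socket carries it as the source.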