tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: behavior of krb5_get_all_server_addrs()



>>Heimdal's krb5_get_all_server_addrs() is slightly buggy in that it
>>doesn't use getifaddrs()/freeifaddrs().  I'm planning on fixing that,
>>but it begs the question:

        please be careful about KAME embedded scope id, for link-local/
        site-local addresses... (for IPv6 addresses)

>>      Why doesn't the KDC (as an example of a user of said function)
>>      simply listen on a wildcard address, rather than binding to
>>      the address that happen to be configured at the time that the
>>      KDC is started?
>>Sounds like what it should do is bind to wildcard *unless* addresses
>>to bind to are explicitly in the configuration file.

        there are two reasons for explicit bind(2): (1) to avoid
        multicast/broadcasts, (2) make sure dst(query) == src(reply).

itojun



Home | Main Index | Thread Index | Old Index