Subject: Re: behavior of krb5_get_all_server_addrs()
To: Andrew Brown <atatat@atatdot.net>
From: None <itojun@iijlab.net>
List: tech-crypto
Date: 12/03/2000 01:31:09
>>Heimdal's krb5_get_all_server_addrs() is slightly buggy in that it
>>doesn't use getifaddrs()/freeifaddrs().  I'm planning on fixing that,
>>but it begs the question:

	please be careful about KAME embedded scope id, for link-local/
	site-local addresses... (for IPv6 addresses)

>>	Why doesn't the KDC (as an example of a user of said function)
>>	simply listen on a wildcard address, rather than binding to
>>	the address that happen to be configured at the time that the
>>	KDC is started?
>>Sounds like what it should do is bind to wildcard *unless* addresses
>>to bind to are explicitly in the configuration file.

	there are two reasons for explicit bind(2): (1) to avoid
	multicast/broadcasts, (2) make sure dst(query) == src(reply).

itojun