tech-crypto archive


Re: behavior of krb5_get_all_server_addrs()



> Sounds like what it should do is bind to wildcard *unless* addresses
> to bind to are explicitly in the configuration file.
> 
> Comments?

You need to bind to all the interface addresses in order to assure
that KDC replies come from the address they were sent to.

At least some Kerberos implementations verify that responses are
received with a source address equal to the address of the KDC.

If the KDC is multi-homed, binding to all of the machine's addresses
individually is the only vaguely portable way to know which address a
packet was sent to.

                                        - Bill
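
The per-address binding described in the message above, as an added example (not part of the original post, and not the library's own code): one UDP socket is bound to each local IPv4 address, so a reply sent on the socket that received a request carries that address as its source. `struct listener`, `bind_each_address` and `answer_one` are hypothetical names, only IPv4 is handled, and port 0 is accepted so the demo can run unprivileged where a KDC would pass its service port.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One bound UDP socket per local IPv4 address (hypothetical struct). */
struct listener { int fd; struct sockaddr_in local; };

/* Bind a UDP socket to every configured IPv4 address instead of INADDR_ANY.
 * port is in host byte order; 0 lets the kernel choose one (demo only).
 * Returns the number of listeners filled in, or -1 on error. */
int bind_each_address(unsigned short port, struct listener *out, int max)
{
    struct ifaddrs *ifs, *i;
    int n = 0;
    if (getifaddrs(&ifs) != 0) return -1;
    for (i = ifs; i != NULL && n < max; i = i->ifa_next) {
        struct sockaddr_in sa;
        socklen_t len = sizeof sa;
        int fd;
        if (i->ifa_addr == NULL || i->ifa_addr->sa_family != AF_INET) continue;
        memcpy(&sa, i->ifa_addr, sizeof sa);
        sa.sin_port = htons(port);
        if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) continue;
        if (bind(fd, (struct sockaddr *)&sa, len) != 0 ||
            getsockname(fd, (struct sockaddr *)&sa, &len) != 0) {
            close(fd);      /* address went away or port in use: skip it */
            continue;
        }
        out[n].fd = fd;
        out[n].local = sa;  /* the address requests on this fd were sent to */
        n++;
    }
    freeifaddrs(ifs);
    return n;
}

/* Answer one request on l. Because l->fd is bound to a single address, the
 * kernel uses that address as the reply's source. Returns bytes sent or -1. */
long answer_one(const struct listener *l, const void *reply, size_t rlen)
{
    char req[1500];
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    if (recvfrom(l->fd, req, sizeof req, 0, (struct sockaddr *)&peer, &plen) < 0)
        return -1;
    return (long)sendto(l->fd, reply, rlen, 0, (struct sockaddr *)&peer, plen);
}
```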



