
Re: tips for a beginner




I'm mostly guessing here. A ticket is only valid from a set of
addresses, so when you get tickets (via kinit, or in this case inside
kadmin) it tries to include all local addresses in order to make the
ticket valid over all interfaces. This scheme will not work if you try
to communicate over the loopback interface, since 127.0.0.1 is not
normally included in the address set(*). So if you have a non-loopback
address assigned to any interface, you should not use localhost for
any service, but instead use the assigned address (it doesn't have to
be in the DNS).

One other possible solution is to use address-less tickets, which can
be done by adding this to your /etc/krb5.conf:

[appdefaults]
        no-addresses = yes

/Johan

*) it is if there are no non-loopback addresses to include
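
A small model of the address restriction described in the message above, as an added example that is not part of the original post or of any Kerberos implementation. The function names are hypothetical and the host addresses are constructed sample values; an empty address list stands for an address-less ticket.

```python
import ipaddress

def ticket_addresses(local_addrs, no_addresses=False):
    """Address set a client would put in a ticket request, per the message."""
    if no_addresses:
        return []  # address-less ticket: no restriction recorded
    addrs = [ipaddress.ip_address(a) for a in local_addrs]
    non_loopback = [a for a in addrs if not a.is_loopback]
    # Loopback is only included when there is nothing else (the footnote).
    return non_loopback if non_loopback else addrs

def ticket_usable_from(ticket_addrs, source):
    """True if a service that sees `source` as the peer would accept the ticket."""
    if not ticket_addrs:
        return True  # address-less tickets are valid from any address
    return ipaddress.ip_address(source) in ticket_addrs

def check_sources(local_addrs, sources, no_addresses=False):
    """Map each candidate source address to whether the ticket works from it."""
    allowed = ticket_addresses(local_addrs, no_addresses)
    return {src: ticket_usable_from(allowed, src) for src in sources}

# Constructed sample host: loopback plus one assigned address (TEST-NET-1 range).
HOST_ADDRS = ["127.0.0.1", "192.0.2.10"]
SOURCES = ["127.0.0.1", "192.0.2.10"]

if __name__ == "__main__":
    cases = [
        ("default tickets", HOST_ADDRS, False),
        ("no-addresses = yes", HOST_ADDRS, True),
        ("loopback-only host", ["127.0.0.1"], False),
    ]
    for label, addrs, addressless in cases:
        print(label)
        for src, ok in check_sources(addrs, SOURCES, addressless).items():
            print(f"  from {src}: {'accepted' if ok else 'rejected'}")
```
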