[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug? kadmind binds only to IPv6 addresses, if IPv6 is enabled

Hello everyone,

I'm just setting up a new central server for our institution. Since I'm most
familiar with it, I use Gentoo Linux to accomplish that.

One of the tasks is to set up a central authorization scheme that is usable
via PAM, OpenLDAP, Samba, ...
After some experiments with mit-krb5 I switched to heimdal about two weeks
ago, which caused me much less trouble.

Only one issue so far took me days and lots of sweat to resolve:
It seems that kadmind binds to *:749/tcp, which causes an IPv6 enabled linux
host to insist that 749/tcp is already bound even for IPv4.
By starting kadmind with the -d option it will report that the socket is
already bound for af=2.

./configure --without-ipv6 didn't help at all. In fact I had to take IPv6
support *completely* out of the kernel, which means even no ipv6 module!

IMO all this could be fixed, if one could pass a parameter like
kdc's --addresses to kadmind.
Would it be difficult to enhance kadmind in that way?

Thanks in advance!