Bug 440969

Summary: ipa-kpasswd should bind specific interfaces
Product: [Retired] freeIPA Reporter: Simo Sorce <ssorce>
Component: ipa-serverAssignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: high    
Version: unspecifiedCC: benl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 429034    

Description Simo Sorce 2008-04-04 18:21:03 UTC 
Some kerberos implementations expect UDP reply packets to come back from the ip
address they sent the request to.
The only way to do that is to bind a different socket to each available interface.
Currently ipa-kpasswd is bound to the alias address (0.0.0.0) and therefore
cannot control which source address is used in case multiple interfaces can be
used to send/receive packets to the same destination IP.

This is an uncommon situation, but will need to be fixed at some point, make
sure we do not forget about it.
Comment 2 Simo Sorce 2008-05-29 14:25:26 UTC 
pushed as 4f81c2faec774f31273e9dac1134baa97b9745be
Comment 3 Yi Zhang 2008-06-10 23:02:23 UTC 
QA Verified on June 10, 2008 (Yi)
Build used: June 10, 2008 (64bit RHEL 5.2)


the binding details is stored in /var/log/message file (as below):

Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [127.0.0.1]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [172.16.142.163]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [::1]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for
[fe80::20c:29ff:fe80:7133%eth0]