Bug 440969 - ipa-kpasswd should bind specific interfaces
ipa-kpasswd should bind specific interfaces
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
unspecified
All Linux
high Severity low
: ---
: ---
Assigned To: Simo Sorce
Chandrasekar Kannan
:
Depends On:
Blocks: 429034
  Show dependency treegraph
 
Reported: 2008-04-04 14:21 EDT by Simo Sorce
Modified: 2015-01-04 18:31 EST (History)
1 user (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Simo Sorce 2008-04-04 14:21:03 EDT
Some kerberos implementations expect UDP reply packets to come back from the ip
address they sent the request to.
The only way to do that is to bind a different socket to each available interface.
Currently ipa-kpasswd is bound to the alias address (0.0.0.0) and therefore
cannot control which source address is used in case multiple interfaces can be
used to send/receive packets to the same destination IP.

This is an uncommon situation, but will need to be fixed at some point, make
sure we do not forget about it.
Comment 2 Simo Sorce 2008-05-29 10:25:26 EDT
pushed as 4f81c2faec774f31273e9dac1134baa97b9745be
Comment 3 Yi Zhang 2008-06-10 19:02:23 EDT
QA Verified on June 10, 2008 (Yi)
Build used: June 10, 2008 (64bit RHEL 5.2)


the binding details is stored in /var/log/message file (as below):

Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [127.0.0.1]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [172.16.142.163]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for [::1]
Jun 10 12:47:14 ipaserver kpasswd[17656]: Setting up socket for
[fe80::20c:29ff:fe80:7133%eth0]

Note You need to log in before you can comment on or make changes to this bug.