This ought to work, but there might be something going wrong with
routing socket updates.

Because krb5kdc implements a UDP service, it needs to either use
IPv4/IPv6 pktinfo support, or bind to specific interfaces instead of the
wildcard address, in order to send replies from the same address as it
received requests to.  Because Linux distributions require _GNU_SOURCE
to be defined for IPv6 pktinfo support (unlike every non-Linux
platform), and we don't define _GNU_SOURCE as part of our build before
krb5 1.13 because it changes the behavior of strerror_r() to be
non-POSIX, krb5 1.12.x doesn't use IPv6 pktinfo; instead it iterates
over the configured interfaces and binds to them specifically (omitting
the loopback interface, for dumb reasons).

We also bind to the routing socket, which is supposed to notify us when
network interfaces change.  We bind to the routing socket before
iterating over the local addresses, so I don't see any potential for a
race condition there.  So either something is going wrong with our code
to do that, or (less likely but not inconceivably) the kernel isn't
doing its job.
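
The pktinfo alternative mentioned above, as an added example (not krb5's code and not part of the original message): a wildcard-bound UDP socket reads the address each request was sent to from the IP_PKTINFO control message and uses it as the source of the reply. It covers Linux IPv4 only; the function name is hypothetical, and the IPv6 analogue (IPV6_RECVPKTINFO with struct in6_pktinfo) is the piece that needs _GNU_SOURCE on glibc.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* on glibc this is also what exposes struct in6_pktinfo */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* One request/reply over a wildcard-bound UDP socket. The client sends to dst;
 * out gets the reply's source address as the client sees it. 0 on success. */
int pktinfo_reply_source(const char *dst, char *out, socklen_t outlen)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1, rc = -1;
    struct timeval tv = { 2, 0 };   /* receive timeout so a lost datagram cannot hang us */
    struct sockaddr_in sa = { .sin_family = AF_INET }, peer, from;
    socklen_t slen = sizeof(sa), flen = sizeof(from);
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } cb;
    char req[16], rep[16];
    struct iovec iov = { req, sizeof(req) };
    struct msghdr mh = { .msg_name = &peer, .msg_namelen = sizeof(peer), .msg_iov = &iov,
                         .msg_iovlen = 1, .msg_control = cb.buf, .msg_controllen = sizeof(cb.buf) };
    struct in_pktinfo in, reply = { 0 };
    struct cmsghdr *c;
    if (srv < 0 || cli < 0 ||
        setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 ||
        setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 ||
        bind(srv, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||     /* INADDR_ANY, port 0 */
        setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)) < 0 ||
        getsockname(srv, (struct sockaddr *)&sa, &slen) < 0 ||   /* learn the port */
        inet_pton(AF_INET, dst, &sa.sin_addr) != 1 ||
        sendto(cli, "req", 3, 0, (struct sockaddr *)&sa, sizeof(sa)) != 3 ||
        recvmsg(srv, &mh, 0) < 0) goto done;
    for (c = CMSG_FIRSTHDR(&mh); c != NULL; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) break;
    if (c == NULL) goto done;
    memcpy(&in, CMSG_DATA(c), sizeof(in));   /* in.ipi_addr: address the request was sent to */
    reply.ipi_spec_dst = in.ipi_addr;        /* source for the reply, overriding the default */
    memset(&cb, 0, sizeof(cb)); mh.msg_controllen = sizeof(cb.buf); c = CMSG_FIRSTHDR(&mh);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof(reply));
    memcpy(CMSG_DATA(c), &reply, sizeof(reply));
    iov.iov_base = "rep"; iov.iov_len = 3;
    if (sendmsg(srv, &mh, 0) != 3 ||
        recvfrom(cli, rep, sizeof(rep), 0, (struct sockaddr *)&from, &flen) != 3) goto done;
    rc = inet_ntop(AF_INET, &from.sin_addr, out, outlen) ? 0 : -1;
done:
    close(srv); close(cli);
    return rc;
}
```

Calling it with the constructed destination 127.0.0.2 (local on Linux, where all of 127.0.0.0/8 is on the loopback interface) should report a reply from 127.0.0.2; without the control message the kernel would pick the source address itself.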
