Re: Client and server on same machine

Tue, 25 Nov 2003 13:18:01 -0800 

On Nov 23,  1:06pm, Mark Phalan wrote:
} Subject: Re: Client and server on same machine

> > [EMAIL PROTECTED] (Sam Hartman) wrote in message news:<[EMAIL PROTECTED]>...
> > The KDC cannot run on localhost.  You can run everything on one
> > machine, but you need to use a real network interface and make sure
> > your clients talk to the kdc over that real network interface.

Actually you can run everything, for testing, on localhost but you
need a source code dive, at least in 1.2.8.

> I do not have (at this time) a network card. Is it possible to
> create a dummy network interface which is in fact localhost?

I do my development work on 1.2.8 on my laptop using only the
localhost (127.0.0.1) interface.  I don't know how much has changed in
the 1.3.x code drops but the hack needed to support localhost
operation is pretty straight forward in 1.2.8.

The file in question is network.c in the kdc sub-directory.  The
clause in question is as follows:

#ifdef IFF_LOOPBACK
            /* None of the current callers want loopback addresses.
*/
        if (ifreq.ifr_flags & IFF_LOOPBACK)
            goto skip;
#endif


If you surround the #ifdef IFF_LOOPBACK with an #ifdef 0/#endif pair to
disable the check and recompile you will have a KDC which operates on
the 127.0.0.1 or localhost interface.

IMPORTANT NOTE:

        Operating in this mode requires that you really understand how
        Kerberos works, especially with respect to naming services, ie
        DNS and name resolution.  Don't look to the list for too much
        help, be prepared to exert some elbow grease and figure out
        issues on your own dime.

        This check was also, obviously, put in for a reason.  Do not
        use a modified KDC when you are attached to a network or very
        anything that is designed to be remotely secure.  This is a
        'your on your own' hack for testing on a private and isolated
        machine.

Good luck with your work.

}-- End of excerpt from Mark Phalan

As always,
GW

The Hurderos Project - Open Identity and Authorization Management
------------------------------------------------------------------------------
"The price of reliability is the pursuit of the utmost simplicity."
                                -- C.A.R. Hoare
                                   1980 ACM Turning Award Lecture
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to