On Feb 19, 2008, at 02:17, Sachin Punadikar wrote:
> While doing code walkthrough of krb5kdc and kadmind programs,
> I noticed a difference between these two in the way it sets up the
> ports for listening.
> krb5kdc uses ioctl calls to get the interfaces list and then on each
> interface/ip-address it sets up the port for listening.
> While in case of kadmind it uses wildcard to set up the port for
> listening.
>
> Any specific reason for having different approaches while setting
> up ports?

The UDP service offered by the KDC needs to respond from the same IP address that the client used to reach it. That's not possible with a wildcard-address listener unless your system has support for IP_PKTINFO or IPV6_PKTINFO, which is now supported in our code as well. The TCP listener does use a wildcard address.

In kadmind, we're only using TCP, so it can just use the wildcard.

The krb524d server uses a wildcard address for UDP, I believe. I don't recall if the client code checks the server's address; it may be a bug to use the wildcard, and we may need to revise the code to match the KDC's code someday, if anyone cares.

--
Ken Raeburn, Senior Programmer
MIT Kerberos Consortium

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
