On Tuesday, June 08, 2004 08:08:21 -0500 "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
gssklog used 750 TCP as it was to run on the AFS database servers, and as Kerberos V5 was being added to AFS, the KDC would be on different machines. Thus there should be no other uses of port 750 TCP on an AFS server.
Eww. Hm; I feel the need to repeat that. EWWW.
So I suspect that you have a Heimdal KDC running on the AFS server, and it is listening on port 750 TCP. Since the V4 would never use TCP, and V5 uses port 88, the KDC should not need to listen on 750 TCP.
Hopefully there is a way to tell the KDC to not use 750 TCP. Or you can start the gssklogd before the KDC.
Indeed there is. Simply include a "ports" setting in the [kdc] section of krb5.conf or kdc.conf, with a complete list of ports you _do_ want the KDC to listen on. The standard settings listen on:
    88       always
    80/tcp   if Kerberos-over-HTTP is enabled
    750      if V4 support is enabled
    4444     if 524 service is enabled
    7004     if kaserver emulation is enabled
So to get all of these, but not 750/tcp, you'd say something like
    [kdc]
        ports = 88 80/tcp 750/udp 4444 7004
Note that including any ports directive disables the defaults. If you merely want to _add_ ports, you can include a "+" in the list of ports, which stands for the complete set of default bindings. But in this case you want to _subtract_ from the default set, so the "+" must not be listed.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
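
The "ports" semantics described in the message above, modelled as an added example (not part of the original post and not Heimdal code) that reports whether a given setting leaves 750/tcp free for gssklogd. The feature labels (http, v4, krb524, kaserver) and function names are assumptions of this example; a bare port number is taken to mean both UDP and TCP.

```python
# Model of the [kdc] "ports" directive as described in the message above.
# Feature labels and function names are hypothetical, chosen for this example.

def expand(specs, features):
    """Turn port tokens into a set of (port, proto) listeners."""
    listeners = set()
    for tok in specs:
        if tok == "+":                      # "+" = the complete default set
            listeners |= default_bindings(features)
        elif "/" in tok:                    # e.g. "750/udp": one protocol only
            port, proto = tok.split("/", 1)
            listeners.add((int(port), proto.lower()))
        else:                               # bare port: both UDP and TCP
            listeners |= {(int(tok), "udp"), (int(tok), "tcp")}
    return listeners

def default_bindings(features):
    """Standard listeners listed in the message, given the enabled features."""
    specs = ["88"]
    if "http" in features:
        specs.append("80/tcp")
    if "v4" in features:
        specs.append("750")
    if "krb524" in features:
        specs.append("4444")
    if "kaserver" in features:
        specs.append("7004")
    return expand(specs, features)

def effective_listeners(ports_value, features):
    """ports_value is the text after 'ports =', or None if the directive is absent."""
    if ports_value is None:
        return default_bindings(features)
    # Any ports directive replaces the defaults unless "+" is listed.
    return expand(ports_value.split(), features)

def conflicts(listeners, reserved=frozenset({(750, "tcp")})):
    """Listeners colliding with ports another daemon needs (gssklogd on 750/tcp)."""
    return sorted(listeners & reserved)

if __name__ == "__main__":
    everything = {"http", "v4", "krb524", "kaserver"}
    # Constructed sample settings: no directive, the list from the message, and "+".
    for value in (None, "88 80/tcp 750/udp 4444 7004", "+ 8888"):
        found = conflicts(effective_listeners(value, everything))
        print(f"ports = {value!r}: conflicts with gssklogd = {found}")
```
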
