[24134] in Kerberos
Re: krb5kdc: No such device - Cannot bind server socket to port 88
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Jun 22 17:46:13 2005
In-Reply-To: <1119473969.8065.9.camel@localhost.localdomain>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <dd549854935bc27e4669aa27e98200a0@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Wed, 22 Jun 2005 17:44:32 -0400
To: Jim Pharis <binbrain@gmail.com>
cc: kerberos@MIT.EDU
Errors-To: kerberos-bounces@MIT.EDU
On Jun 22, 2005, at 16:59, Jim Pharis wrote:
> My kdc will not start. I get an error message in my kdc log file...
>
> krb5kdc[11331](info): listening on fd 7: udp 192.168.0.1.88
> krb5kdc[11331](info): listening on fd 8: udp 192.168.0.1.750
> krb5kdc: No such device - Cannot bind server socket to port 88 address
> fe88::20f:1fff:feb2:b9c7%253
I've seen the reports, but don't know the cause yet...
Could you try dropping in some code like this just before the call to
bind in kdc/network.c and see if it changes anything?
if (addr->sa_family == AF_INET6) {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) addr;
com_err(data->prog, 0, "zapping scope %d to 0",
sin6->sin6_scope_id);
sin6->sin6_scope_id = 0;
}
It does seem interesting that all the reports I've seen involve unusual
addresses. Yours and one other concerned link-local addresses
(fe80::/10), and one more listed an fd80:: address (an unassigned
block, I think) in the report. Since we're supposed to be filtering
out link-local addresses, this address shouldn't have been used in this
part of the code.
Please let me know what "grep ifaddrs config.cache" in the "src"
directory of your build tree shows. We've got (at least) two different
code paths that could be used for getting the address list, and one of
them clearly isn't doing the filtering that it ought to.
> I'm running Ubuntu Hoary. Is the KDC trying to bind to the ip6 address?
Yes, we try to bind to all local ipv4 and ipv6 addresses separately.
(There's another approach that could use just one socket for all IPv6
traffic, and carry the address info separately, but we're not using it
yet.)
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
