[1406] in Kerberos
Re: Kerberos and two ethernet ports
daemon@ATHENA.MIT.EDU (Galina Kofman)
Thu May 23 14:05:16 1991
Date: Thu, 23 May 1991 14:47:13 GMT
From: galina@watson.ibm.com._ (Galina Kofman)
To: kerberos@shelby.Stanford.EDU
In <10452@castle.ed.ac.uk> jaw@castle.ed.ac.uk (Graeme Wood) writes:
>
> I have recently attempted to put up kerberos on a Sequent S81. The
> source was the Bones distribution with Eric Young's DES library.
>
> The source compiled ok, but when I ran kinit and talked to our kerberos
> server I get an authentication error:
>
> sequent$ kinit
> EUCS Project Fred (sequent)
> Kerberos Initialization
> Kerberos name: jaw
> kinit: Password incorrect
> sequent$
>
> I believe that the problem is caused by the Sequent having two ethernet
> ports and kerberos is seeing a request coming from the secondary enet
> port with the IP address of the primary enet port in the authenticator
> and so rejects the request thinking that someone is trying to masquerade
> as the host.
>
> Has anyone else seen this problem? Does anybody have any ideas as to
> what could be happening and how I could fix it or work around it?
>
> Graeme Wood
> (Graeme.Wood@edinburgh.ac.uk)
If you have a multihomed host, you can specify your particular IP address
by doing a bind on your local socket. This is what I have done to make the
code run on our multihomed host:
In send_to_kdc.c after the socket was obtained add:
    /* static u_long loc_host_addr = 0 initially */
    if (loc_host_addr == 0) {
        if ((loc_host_addr = gethostid()) == 0) {
            if (krb_debug)
                fprintf(stderr, "%s: Gethostid error\n", prog);
            return(SKDC_CANT);
        }
    }
    /* struct sockaddr_in local */
    local.sin_addr.s_addr = loc_host_addr;
    local.sin_family = AF_INET;
    /* bind() takes three arguments: socket, address, address length */
    if (bind(f, (struct sockaddr *)&local, S_AD_SZ) < 0) {
        if (krb_debug)
            fprintf(stderr, "%s: Can't bind \n", prog);
        return(SKDC_CANT);
    }
Similar code was added to kadm_cli_wrap.c, adm_serv.c, kerberos.c, etc.
K5 supports multihomed hosts.
Galina Kofman.
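
Added example (not part of the original message or of the Kerberos sources): a stand-alone C program showing the bind-before-send technique from the reply above, with a loopback UDP receiver standing in for the KDC so the source address the peer sees can be checked. The function name source_seen_by_peer and the loopback address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Send one datagram to a loopback receiver (standing in for the KDC) and
 * report the source address it sees. A non-NULL bind_ip is bound to the
 * sending socket first. Returns 0, or -1 on error (e.g. bind_ip not local). */
int source_seen_by_peer(const char *bind_ip, char *out, socklen_t outlen)
{
    struct sockaddr_in rx, local, from;
    socklen_t len = sizeof(rx), fromlen = sizeof(from);
    struct timeval tv = { 2, 0 };           /* do not block forever */
    char buf[8];
    int r = -1, s = -1, rc = -1;
    if ((r = socket(AF_INET, SOCK_DGRAM, 0)) < 0) goto done;
    memset(&rx, 0, sizeof(rx));
    rx.sin_family = AF_INET;
    rx.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(r, (struct sockaddr *)&rx, sizeof(rx)) < 0) goto done;
    if (getsockname(r, (struct sockaddr *)&rx, &len) < 0) goto done;
    setsockopt(r, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) goto done;
    if (bind_ip != NULL) {
        memset(&local, 0, sizeof(local));   /* sin_port 0: kernel picks */
        local.sin_family = AF_INET;
        if (inet_pton(AF_INET, bind_ip, &local.sin_addr) != 1) goto done;
        if (bind(s, (struct sockaddr *)&local, sizeof(local)) < 0) goto done;
    }
    if (sendto(s, "req", 3, 0, (struct sockaddr *)&rx, sizeof(rx)) != 3) goto done;
    if (recvfrom(r, buf, sizeof(buf), 0, (struct sockaddr *)&from, &fromlen) < 0) goto done;
    if (inet_ntop(AF_INET, &from.sin_addr, out, outlen) == NULL) goto done;
    rc = 0;
done:
    if (s >= 0) close(s);
    if (r >= 0) close(r);
    return rc;
}

int main(void)
{
    char seen[INET_ADDRSTRLEN];             /* constructed sample: loopback */
    if (source_seen_by_peer("127.0.0.1", seen, sizeof(seen)) == 0) puts(seen);
    return 0;
}
```

On a multihomed host, pass the address that should appear as the client address; an address not configured on the host makes bind fail, which the function reports as -1.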