Thanks for the info about modifying Kerberos to run on localhost. I found a somewhat simpler solution however which works fine for me. I simply set up a dummy network device (first compiled it into the kernel - I think the dummy device has been there for quite a while), and configured it with an IP address I wanted, changed the hostname to a hostname reflecting that IP address and used that hostname to set up my Kerberos server. It works great!
Mark. [EMAIL PROTECTED] (Dr. Greg Wettstein) wrote in message news:<[EMAIL PROTECTED]>... > On Nov 23, 1:06pm, Mark Phalan wrote: > } Subject: Re: Client and server on same machine > > > > [EMAIL PROTECTED] (Sam Hartman) wrote in message news:<[EMAIL PROTECTED]>... > > > The KDC cannot run on localhost. You can run everything on one > > > machine, but you need to use a real network interface and make sure > > > your clients talk to the kdc over that real network interface. > > Actually you can run everything, for testing, on localhost but you > need a source code dive, at least in 1.2.8. > > > I do not have (at this time) a network card. Is it possible to > > create a dummy network interface which is in fact localhost? > > I do my development work on 1.2.8 on my laptop using only the > localhost (127.0.0.1) interface. I don't know how much has changed in > the 1.3.x code drops but the hack needed to support localhost > operation is pretty straight forward in 1.2.8. > > The file in question is network.c in the kdc sub-directory. The > clause in question is as follows: > > #ifdef IFF_LOOPBACK > /* None of the current callers want loopback addresses. > */ > if (ifreq.ifr_flags & IFF_LOOPBACK) > goto skip; > #endif > > > If you surround the #ifdef IFF_LOOPBACK with an #ifdef 0/#endif pair to > disable the check and recompile you will have a KDC which operates on > the 127.0.0.1 or localhost interface. > > IMPORTANT NOTE: > > Operating in this mode requires that you really understand how > Kerberos works, especially with respect to naming services, ie > DNS and name resolution. Don't look to the list for too much > help, be prepared to exert some elbow grease and figure out > issues on your own dime. > > This check was also, obviously, put in for a reason. Do not > use a modified KDC when you are attached to a network or very > anything that is designed to be remotely secure. This is a > 'your on your own' hack for testing on a private and isolated > machine. > > Good luck with your work. > > }-- End of excerpt from Mark Phalan > > As always, > GW > > The Hurderos Project - Open Identity and Authorization Management > ------------------------------------------------------------------------------ > "The price of reliability is the pursuit of the utmost simplicity." > -- C.A.R. Hoare > 1980 ACM Turning Award Lecture > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
