Quoting "Ken Raeburn" <raeb...@mit.edu>: > On Jun 7, 2009, at 07:48, Steve Devine wrote: >> Everything works fine and in theory I see no harm but still it seems wrong. >> It seems like I ought to be able to disable listening on the backnet >> interface. >> Is this so or no? > > At present there is no way to control which IP addresses the KDC > process listens on. (The message from Bjørn Tore Sun outlines how > to select the port numbers and whether the KDC listens for TCP > connections, but not a change in IP addresses.) It's assumed for > now that all IP addresses may be advertised in DNS as belonging to > the KDC (yes, we know it's not necessarily true), so we should > listen just in case. The ability to listen on just some addresses > has been requested, but so far hasn't made it far up the priority > list, since it's generally harmless as you say, unless there's some > reason you need the KDC to *not* listen on certain IP addresses. > > -- > Ken Raeburn / raeb...@mit.edu / no longer at MIT Kerberos Consortium > > >
OK thanks Ken. Good to know I'm not missing something, many attempts at this in kdc.conf were getting me nowhere. /sd Steve Devine Email & Storage Academic Technology Services Michigan State University ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos