Allow user to restrict KDC to specific addresses

krb5kdc has always only supported binding to the wildcard addresses. Add two configuration options to allow specifying the address/port that krb5kdc listens on for UDP and TCP connections. [ghudson@mit.edu: edited documentation; preserved kdc_ports = "" behavior; made kdc_ports and kdc_tcp_ports continue to work in kdcdefaults section] ticket: 1093
author: Sarah Day <sarahday@mit.edu> 2015-12-23 15:01:44 -0500
committer: Greg Hudson <ghudson@mit.edu> 2016-07-18 11:22:48 -0400
commit: 5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae (patch)
tree: 83a076977a521941a1e1ebfc5ed6ec1420c50c5d /src/config-files
parent: aa91cb5dbbd4356c7a9069f4f52a10f70d91bc00 (diff)
download: krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.zip
krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.tar.gz
krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.tar.bz2
1 files changed, 4 insertions, 2 deletions
diff --git a/src/config-files/kdc.conf b/src/config-files/kdc.conf
index e7ef0f9..bc5076d 100644
--- a/src/config-files/kdc.conf
+++ b/src/config-files/kdc.conf
@@ -1,12 +1,14 @@
 [kdcdefaults]
-	kdc_ports = 88
+	kdc_listen = 88
+	kdc_tcp_listen = 88
 
 [realms]
 	ATHENA.MIT.EDU = {
 		database_name = /usr/local/var/krb5kdc/principal
 		acl_file = /usr/local/var/krb5kdc/kadm5.acl
 		key_stash_file = /usr/local/var/krb5kdc/.k5.ATHENA.MIT.EDU
-		kdc_ports = 88
+		kdc_listen = 88
+		kdc_tcp_listen = 88
 		max_life = 10h 0m 0s
 		max_renewable_life = 7d 0h 0m 0s
 	}
author	Sarah Day <sarahday@mit.edu>	2015-12-23 15:01:44 -0500
committer	Greg Hudson <ghudson@mit.edu>	2016-07-18 11:22:48 -0400
commit	5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae (patch)
tree	83a076977a521941a1e1ebfc5ed6ec1420c50c5d /src/config-files
parent	aa91cb5dbbd4356c7a9069f4f52a10f70d91bc00 (diff)
download	krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.zip krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.tar.gz krb5-5f53d6cfb2cdc2e666a3fd2fe4f3ef21aa8258ae.tar.bz2