[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running kdc as unprivileged user

To: Howard Chu <hyc@highlandsun.com>
Subject: Re: Running kdc as unprivileged user
From: yury@OCF.Berkeley.EDU (Yury Arkady Sobolev)
Date: Tue, 7 Nov 2006 14:58:33 -0800
Cc: heimdal-discuss@sics.se
In-Reply-To: <4550E71F.9000700@highlandsun.com>
References: <20061107073656.GA6459@OCF.Berkeley.EDU> <4550E71F.9000700@highlandsun.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.5.9i

One or two ports is not an issue. kdc can listen on an unprivileged port. Port 88 can be forwarded appropriately (if at all). I was more worried about it doing something along the lines of NIS+/portmapper, which is what I am trying to get rid of right now. Anyway, I'll try it out then. Thank you.

-Yury

>On Tue, Nov 07, 2006 at 12:05:51PM -0800, Howard Chu wrote:
>Yury Arkady Sobolev wrote:
>> Can the Kerberos daemons (kdc, kadmin) be run as an unprivileged user? I
>> do not see why not, but I have not found anyone doing this.
>> 
>> -Yury
>> 
>> 
>> The KDC must be privileged to listen on port 88. If you use some other 
>> port number, perhaps you can avoid that requirement.
>
>-- 
> -- Howard Chu
> Chief Architect, Symas Corp.  http://www.symas.com
> Director, Highland Sun        http://highlandsun.com/hyc
> OpenLDAP Core Team            http://www.openldap.org/project/

References:
- Running kdc as unprivileged user
  - From: yury@OCF.Berkeley.EDU (Yury Arkady Sobolev)
- Re: Running kdc as unprivileged user
  - From: Howard Chu <hyc@highlandsun.com>

Prev by Date: Re: Running kdc as unprivileged user
Next by Date: Re: hpropd propagation to slave with ldap backend?
Prev by thread: Re: Running kdc as unprivileged user
Next by thread: Re: Running kdc as unprivileged user
Index(es):
- Date
- Thread