diff options
author | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
---|---|---|
committer | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
commit | 2734551417f3e16093c4cc8de51248dd743fa17b (patch) | |
tree | 9410ca0cafe506eca75c35934448a29ad19a6482 /eBones/lib/libkrb/krb_sendauth.3 | |
parent | 73c29c06751229bf5749b8422047cf613fb47bbc (diff) | |
download | FreeBSD-src-2734551417f3e16093c4cc8de51248dd743fa17b.zip FreeBSD-src-2734551417f3e16093c4cc8de51248dd743fa17b.tar.gz |
Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
Diffstat (limited to 'eBones/lib/libkrb/krb_sendauth.3')
-rw-r--r-- | eBones/lib/libkrb/krb_sendauth.3 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/eBones/lib/libkrb/krb_sendauth.3 b/eBones/lib/libkrb/krb_sendauth.3 index 5608255..8f250a5 100644 --- a/eBones/lib/libkrb/krb_sendauth.3 +++ b/eBones/lib/libkrb/krb_sendauth.3 @@ -1,5 +1,5 @@ .\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $ -.\" $Id: krb_sendauth.3,v 1.3 1995/07/18 16:41:03 mark Exp $ +.\" $Id: krb_sendauth.3,v 1.3 1995/09/13 17:23:57 markm Exp $ .\" Copyright 1988 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, @@ -82,6 +82,13 @@ The function receives the ticket from the client by reading from a network socket. +To ensure proper behavior on multi-homed systems (machines with more +than one network interface) all sockets used with these routines should +be bound to the same address as that used by the Kerberos library via +.I krb_get_local_addr +or +.I krb_bind_local_addr. + .SH KRB_SENDAUTH .PP This function writes the ticket to @@ -338,7 +345,8 @@ will not work properly on sockets set to non-blocking I/O mode. .SH SEE ALSO -krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) +krb_mk_req(3), krb_rd_req(3), krb_get_phost(3), krb_get_local_addr(3), +krb_bind_local_addr(3) .SH AUTHOR John T. Kohl, MIT Project Athena |