1 |
On 3/10/21 10:43 AM, Mark Knecht wrote: |
2 |
> OK, agreed, completely. localhost must be turned into an IP address. |
3 |
|
4 |
:-) |
5 |
|
6 |
> I guess what I was thinking was DNS means Server. If it's a Service |
7 |
> then that's different. I think we're in agreement that if it can find |
8 |
> the name in /etc/hosts, either actively or cached somewhere in memory, |
9 |
> then it doesn't have to send anything over a cable to get the answer. |
10 |
> |
11 |
> And cable is too generic as I understand that DNS might be on this |
12 |
> machine. |
13 |
|
14 |
How about we settle on a UDP and / or TCP connection to a service |
15 |
somewhere, local or remote, that translates a name to an IP. ;-) |
16 |
|
17 |
> Agreed but I suspect if I don't have it in /etc/hosts then I'm unlikely |
18 |
> to get results that make sense in real time, but that's case buy case. |
19 |
|
20 |
I think a number of DNS servers are defaulting to resolve A queries for |
21 |
"localhost" to 127.0.0.1 and AAAA to ::1. So, even if it's not in |
22 |
/etc/hosts, you'll still probably get the expected resolution. |
23 |
|
24 |
> <LOL> I'm approaching my 66th birthday. Deep dark times for me are |
25 |
> almost certainly more recent dates than for you. ;-) |
26 |
|
27 |
~chuckle~ |
28 |
|
29 |
> I took it as simply a Kerberos setup/config warning. Whoever wrote |
30 |
> that had an opinion, experience or both and wanted you to know that. I |
31 |
> didn't read anything more into it. |
32 |
|
33 |
ACK |
34 |
|
35 |
By default, Kerberos includes IP restrictions in tickets. It chooses |
36 |
the IP based on what the system returns. So if the system returns |
37 |
127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will |
38 |
be non-viable / useless anywhere but localhost. |
39 |
|
40 |
> The author cannot change what "some distros" do but wants to give |
41 |
> you a fighting chance to get Kerberos working in case you're using |
42 |
> one. Makes no sense to mention a specific distro because the list |
43 |
> probably changes over time. |
44 |
|
45 |
Agreed. |
46 |
|
47 |
> Basically "You'd be wise to look at your /etc/hosts file and fix |
48 |
> this silly configuration error that some distros do before trying to |
49 |
> setup Kerberos" |
50 |
|
51 |
Yep. Experience has shown that it breaks things. |
52 |
|
53 |
> I'm not a sys admin nor a Gentoo developer or documenter so I cannot |
54 |
> comment on the manual specifically. |
55 |
> |
56 |
> As I no longer run Gentoo - I haven't for about 3 years other than |
57 |
> one remaining VM seldom used and seldom updated - I'm way out of |
58 |
> touch with the actual manual but interested in the subject. |
59 |
|
60 |
Fair enough. |
61 |
|
62 |
|
63 |
|
64 |
-- |
65 |
Grant. . . . |
66 |
unix || die |