| 1 |
On 3/10/21 10:43 AM, Mark Knecht wrote: |
| 2 |
> OK, agreed, completely. localhost must be turned into an IP address. |
| 3 |
|
| 4 |
:-) |
| 5 |
|
| 6 |
> I guess what I was thinking was DNS means Server. If it's a Service |
| 7 |
> then that's different. I think we're in agreement that if it can find |
| 8 |
> the name in /etc/hosts, either actively or cached somewhere in memory, |
| 9 |
> then it doesn't have to send anything over a cable to get the answer. |
| 10 |
> |
| 11 |
> And cable is too generic as I understand that DNS might be on this |
| 12 |
> machine. |
| 13 |
|
| 14 |
How about we settle on a UDP and / or TCP connection to a service |
| 15 |
somewhere, local or remote, that translates a name to an IP. ;-) |
| 16 |
|
| 17 |
> Agreed but I suspect if I don't have it in /etc/hosts then I'm unlikely |
| 18 |
> to get results that make sense in real time, but that's case buy case. |
| 19 |
|
| 20 |
I think a number of DNS servers are defaulting to resolve A queries for |
| 21 |
"localhost" to 127.0.0.1 and AAAA to ::1. So, even if it's not in |
| 22 |
/etc/hosts, you'll still probably get the expected resolution. |
| 23 |
|
| 24 |
> <LOL> I'm approaching my 66th birthday. Deep dark times for me are |
| 25 |
> almost certainly more recent dates than for you. ;-) |
| 26 |
|
| 27 |
~chuckle~ |
| 28 |
|
| 29 |
> I took it as simply a Kerberos setup/config warning. Whoever wrote |
| 30 |
> that had an opinion, experience or both and wanted you to know that. I |
| 31 |
> didn't read anything more into it. |
| 32 |
|
| 33 |
ACK |
| 34 |
|
| 35 |
By default, Kerberos includes IP restrictions in tickets. It chooses |
| 36 |
the IP based on what the system returns. So if the system returns |
| 37 |
127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will |
| 38 |
be non-viable / useless anywhere but localhost. |
| 39 |
|
| 40 |
> The author cannot change what "some distros" do but wants to give |
| 41 |
> you a fighting chance to get Kerberos working in case you're using |
| 42 |
> one. Makes no sense to mention a specific distro because the list |
| 43 |
> probably changes over time. |
| 44 |
|
| 45 |
Agreed. |
| 46 |
|
| 47 |
> Basically "You'd be wise to look at your /etc/hosts file and fix |
| 48 |
> this silly configuration error that some distros do before trying to |
| 49 |
> setup Kerberos" |
| 50 |
|
| 51 |
Yep. Experience has shown that it breaks things. |
| 52 |
|
| 53 |
> I'm not a sys admin nor a Gentoo developer or documenter so I cannot |
| 54 |
> comment on the manual specifically. |
| 55 |
> |
| 56 |
> As I no longer run Gentoo - I haven't for about 3 years other than |
| 57 |
> one remaining VM seldom used and seldom updated - I'm way out of |
| 58 |
> touch with the actual manual but interested in the subject. |
| 59 |
|
| 60 |
Fair enough. |
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
-- |
| 65 |
Grant. . . . |
| 66 |
unix || die |
Archives