On Sat, May 24, 2008 at 10:02:31AM -0700, Russ Allbery wrote:
> Could you provide more information about where you're seeing this problem?
> Stanford University is using, in production, the following firewall rules:
The log shows the following:
| May 25 10:36:35 kdc1 kadmind[1385]: chpw: Couldn't connect to client: No such
process
And holds several extra sockets open:
| # netstat -ulpen
| Active Internet connections (only servers)
| Proto Recv-Q Send-Q Local Address Foreign Address State
User Inode PID/Program name
| udp 0 0 0.0.0.0:32772 0.0.0.0:*
0 3832 1385/kadmind
| udp 0 0 0.0.0.0:32773 0.0.0.0:*
0 3833 1385/kadmind
| udp 0 0 0.0.0.0:32774 0.0.0.0:*
0 3835 1385/kadmind
| udp 0 0 0.0.0.0:32775 0.0.0.0:*
0 3836 1385/kadmind
| udp 0 0 0.0.0.0:464 0.0.0.0:*
0 3719 1385/kadmind
| udp 0 0 10.42.1.65:88 0.0.0.0:*
0 2941 1125/krb5kdc
| udp6 0 0 fe80::216:3eff:fe4e::88 :::*
0 2943 1125/krb5kdc
It seems that it uses the new sockets to do something special which is
not allowed by my config. But it seems to not send data over it.
Bastian
--
First study the enemy. Seek weakness.
-- Romulan Commander, "Balance of Terror", stardate 1709.2
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]