[Freeipa-devel] IP address check during IPA install
Petr Spacek
pspacek at redhat.com
Wed Apr 18 13:55:32 UTC 2012
Hello,
please, can somebody explain to me, why our installer strictly checks IP
addresses? I wonder about it from yesterday's IPA meeting and still can't get it.
My naive insight is: "It's a network layer problem and application shouldn't
care."
Of course, there are many protocols with endpoint address inside application
messages (like SIP or RTSP) for various reasons. Where are these addresses in
our case?
HTTP, LDAP, DNS and NTP should be Ok, I think. Or they aren't?
It's Kerberos problem? I know about client IP address inside Kerberos ticket,
but AFAIK it's usually filled with some constant with "ANY_ADDRESS meaning".
I often travel with tickets in credentials cache and these tickets still work,
when I change location and IP address.
So - what I missed? Why pure NAT should create a problem?
Thanks for clarification!
Petr^2 Spacek
More information about the Freeipa-devel
mailing list