From owner-freebsd-current@FreeBSD.ORG Fri Mar 5 09:19:08 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76FD816A4CE for ; Fri, 5 Mar 2004 09:19:08 -0800 (PST) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A3D843D46 for ; Fri, 5 Mar 2004 09:19:08 -0800 (PST) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 780154B2; Fri, 5 Mar 2004 11:19:07 -0600 (CST) Date: Fri, 5 Mar 2004 11:19:07 -0600 From: Tillman Hodgson To: current@freebsd.org Message-ID: <20040305171907.GT15679@seekingfire.com> References: <20040305102543.GJ10864@darkness.comp.waw.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers User-Agent: Mutt/1.5.6i Subject: Re: HEADS UP: rcNG scripts inside a jail. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2004 17:19:08 -0000 On Fri, Mar 05, 2004 at 11:35:48AM -0500, Robert Watson wrote: > On Fri, 5 Mar 2004, Pawel Jakub Dawidek wrote: > > And here is the list of scripts that I've no idea if they should be > > available inside a jail or not: > > > > bootparams > > kdc > > kerberos > > keyserv > > kpasswdd > > I've never tried running Kerberos in a jail, but assuming it didn't mind > the IP address munging, I see no reason not to allow it. In fact, you > might argue that that could be a desirable configuration. I agree. In fact, it's my preferred way to run KDC if I'm serving more than one realm (thus more than one KDC) on the same machine. > rpcbind probably is useful since there's no reason we couldn't run > userspace RPC applications in a jail. Such as when one is using NIS in conjunction with Kerberos for jailed services :-) -T -- "A man who carries a cat by the tail learns something he can learn in no other way." - Mark Twain