From owner-freebsd-current@FreeBSD.ORG  Fri Mar  5 09:19:08 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 76FD816A4CE
	for <current@freebsd.org>; Fri,  5 Mar 2004 09:19:08 -0800 (PST)
Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3A3D843D46
	for <current@freebsd.org>; Fri,  5 Mar 2004 09:19:08 -0800 (PST)
	(envelope-from tillman@seekingfire.com)
Received: by mail.seekingfire.com (Postfix, from userid 500)
	id 780154B2; Fri,  5 Mar 2004 11:19:07 -0600 (CST)
Date: Fri, 5 Mar 2004 11:19:07 -0600
From: Tillman Hodgson <tillman@seekingfire.com>
To: current@freebsd.org
Message-ID: <20040305171907.GT15679@seekingfire.com>
References: <20040305102543.GJ10864@darkness.comp.waw.pl>
	<Pine.NEB.3.96L.1040305111125.68046C-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.NEB.3.96L.1040305111125.68046C-100000@fledge.watson.org>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
X-GPG-Key-ID: 828AFC7B
X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68  F543 0F0A 7FBC 828A FC7B
X-GPG-Key: http://www.seekingfire.com/gpg_key.asc
X-Urban-Legend: There is lots of hidden information in headers
User-Agent: Mutt/1.5.6i
Subject: Re: HEADS UP: rcNG scripts inside a jail.
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2004 17:19:08 -0000

On Fri, Mar 05, 2004 at 11:35:48AM -0500, Robert Watson wrote:
> On Fri, 5 Mar 2004, Pawel Jakub Dawidek wrote:
> > And here is the list of scripts that I've no idea if they should be
> > available inside a jail or not:
> > 
> > 	bootparams
> > 	kdc
> > 	kerberos
> > 	keyserv
> > 	kpasswdd
<snip>
> 
> I've never tried running Kerberos in a jail, but assuming it didn't mind
> the IP address munging, I see no reason not to allow it.  In fact, you
> might argue that that could be a desirable configuration.

I agree. In fact, it's my preferred way to run KDC if I'm serving more
than one realm (thus more than one KDC) on the same machine.

> rpcbind probably is useful since there's no reason we couldn't run
> userspace RPC applications in a jail.

Such as when one is using NIS in conjunction with Kerberos for jailed
services :-)

-T


-- 
"A man who carries a cat by the tail learns something he can learn in no other
way."
	- Mark Twain