From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-195462-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 683591382C5
	for <garchives@archives.gentoo.org>; Thu, 11 Mar 2021 10:56:57 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1A8B7E0A0B;
	Thu, 11 Mar 2021 10:56:51 +0000 (UTC)
Received: from mail-out-auth3.hosts.co.uk (mail-out-auth3.hosts.co.uk [85.233.191.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id BB3AEE0A01
	for <gentoo-user@lists.gentoo.org>; Thu, 11 Mar 2021 10:56:50 +0000 (UTC)
Received: from host86-155-154-65.range86-155.btcentralplus.com ([86.155.154.65] helo=[192.168.1.64])
	by smtp.hosts.co.uk with esmtpa (Exim)
	(envelope-from <antlists@youngman.org.uk>)
	id 1lKIzl-000A56-8t
	for gentoo-user@lists.gentoo.org; Thu, 11 Mar 2021 10:56:45 +0000
Subject: Re: [gentoo-user] Why do we add the local host name to the 127.0.0.1
 / ::1 entry in the /etc/hosts file?
To: gentoo-user@lists.gentoo.org
References: <65049b74-842b-0211-bbfe-35607c279a75@spamtrap.tnetconsulting.net>
 <3670ec37-c1ba-2351-9999-11f7ef1917dc@spamtrap.tnetconsulting.net>
 <CAK2H+edOhCjcokfLW=qF+HddMRqHNXMrd9gpvyn4NFHpyfObeQ@mail.gmail.com>
 <e1d975b8-fc26-1282-56ed-c898834b766d@spamtrap.tnetconsulting.net>
 <CAK2H+edDexmJEVs=o1oB26_zZfTXrSg=+R=ytsU+CcNR+b_zgA@mail.gmail.com>
 <2e0ee4c9-ef67-f58f-7d38-f0d8984aac40@spamtrap.tnetconsulting.net>
From: Wols Lists <antlists@youngman.org.uk>
Message-ID: <6049F6FF.6090200@youngman.org.uk>
Date: Thu, 11 Mar 2021 10:54:55 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
In-Reply-To: <2e0ee4c9-ef67-f58f-7d38-f0d8984aac40@spamtrap.tnetconsulting.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Archives-Salt: f122d632-0a81-400c-a620-7f761ccaaabd
X-Archives-Hash: 92048a257672cd5472e8a2400423fdb7

On 10/03/21 18:37, Grant Taylor wrote:
> ACK
> 
> By default, Kerberos includes IP restrictions in tickets.  It chooses
> the IP based on what the system returns.  So if the system returns
> 127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will
> be non-viable / useless anywhere but localhost.

Could it be (I don't use Kerberos) this tricks Kerberos into associating
127.0.0.1 with your FQDN, so it works for the first person to request
it, and then breaks for everyone else?

Also, bear in mind I think in certain setups /etc/hosts is redundant.
Don't you specify somewhere a list of services to use to look up
computer names, and if /etc/hosts is missing/disabled in that list, it
gets ignored?

Cheers,
Wol