diff --git a/krb5-1.6.3-kdc_listen_all.patch b/krb5-1.6.3-kdc_listen_all.patch
new file mode 100644
index 0000000..946199e
--- /dev/null
+++ b/krb5-1.6.3-kdc_listen_all.patch
@@ -0,0 +1,247 @@
+Provide an option to make the KDC also listen on loopback interfaces for
+datagram requests.  Adds an internal symbol to libkrb5 which the KDC
+needs if listening on loopback is enabled.
+
+The default might be better changed from FALSE to TRUE so that the
+default matches what we do with stream sockets.
+
+FIXME: doesn't add documentation anywhere.
+
+diff -up src/include/foreachaddr.h src/include/foreachaddr.h
+--- src/include/foreachaddr.h	2004-05-05 18:44:46.000000000 -0400
++++ src/include/foreachaddr.h	2008-04-04 15:39:28.000000000 -0400
+@@ -62,3 +62,18 @@ krb5int_foreach_localaddr (/*@null@*/ vo
+     ;
+ 
+ #define foreach_localaddr krb5int_foreach_localaddr
++
++extern int
++krb5int_foreach_localaddr_ext (/*@null@*/ void *data,
++			       int (*pass1fn) (/*@null@*/ void *,
++					       struct sockaddr *) /*@*/,
++			       /*@null@*/ krb5_boolean (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
++			       /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
++			       /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
++							  struct sockaddr *) /*@*/)
++#if defined(DEBUG) || defined(TEST)
++     /*@modifies fileSystem@*/
++#endif
++    ;
++
++#define foreach_localaddr_ext krb5int_foreach_localaddr_ext
+diff -up src/kdc/kdc_util.h src/kdc/kdc_util.h
+--- src/kdc/kdc_util.h	2008-04-04 16:28:18.000000000 -0400
++++ src/kdc/kdc_util.h	2008-04-04 16:51:27.000000000 -0400
+@@ -126,6 +126,7 @@ krb5_error_code kdc_initialize_rcache (k
+ krb5_error_code setup_server_realm (krb5_principal);
+ 
+ /* network.c */
++void process_listen_loopback (krb5_boolean);
+ krb5_error_code listen_and_process (const char *);
+ krb5_error_code setup_network (const char *);
+ krb5_error_code closedown_network (const char *);
+diff -up src/kdc/main.c src/kdc/main.c
+--- src/kdc/main.c	2008-04-04 16:22:43.000000000 -0400
++++ src/kdc/main.c	2008-04-04 16:55:22.000000000 -0400
+@@ -422,6 +422,7 @@ initialize_realms(krb5_context kcontext,
+     krb5_enctype	menctype = ENCTYPE_UNKNOWN;
+     kdc_realm_t		*rdatap;
+     krb5_boolean	manual = FALSE;
++    krb5_boolean	listen_loopback = FALSE;
+     char		*default_udp_ports = 0;
+     char		*default_tcp_ports = 0;
+     krb5_pointer	aprof;
+@@ -448,6 +449,9 @@ initialize_realms(krb5_context kcontext,
+ 	if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &v4mode))
+ 	    v4mode = 0;
+ #endif
++	hierarchy[1] = "kdc_listen_loopback";
++	if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE, &listen_loopback))
++	    listen_loopback = FALSE;
+ 	/* aprof_init can return 0 with aprof == NULL */
+ 	if (aprof)
+ 	     krb5_aprof_finish(aprof);
+@@ -587,6 +591,8 @@ initialize_realms(krb5_context kcontext,
+     free(v4mode);
+ #endif
+ 
++    process_listen_loopback(listen_loopback);
++
+     /*
+      * Check to see if we processed any realms.
+      */
+diff -up src/kdc/network.c src/kdc/network.c
+--- src/kdc/network.c	2008-04-04 15:39:28.000000000 -0400
++++ src/kdc/network.c	2008-04-04 16:51:44.000000000 -0400
+@@ -221,6 +221,7 @@ static SET(u_short) udp_port_data, tcp_p
+ #include "cm.h"
+ 
+ static struct select_state sstate;
++static krb5_boolean listen_loopback;
+ 
+ static krb5_error_code add_udp_port(int port)
+ {
+@@ -604,6 +605,12 @@ scan_for_newlines:
+ }
+ #endif
+ 
++void
++process_listen_loopback(krb5_boolean listen_loop)
++{
++    listen_loopback = listen_loop;
++}
++
+ /* XXX */
+ extern int krb5int_debug_sendto_kdc;
+ extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t);
+@@ -662,7 +669,9 @@ setup_network(const char *prog)
+        so we might need only one UDP socket; fall back to binding
+        sockets on each address only if IPV6_PKTINFO isn't
+        supported.  */
+-    if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
++    if (listen_loopback ?
++	foreach_localaddr_ext (&setup_data, setup_udp_port, 0, 0, 0) :
++	foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
+ 	return setup_data.retval;
+     }
+     setup_tcp_listener_ports(&setup_data);
+diff -up src/lib/krb5/os/localaddr.c src/lib/krb5/os/localaddr.c
+--- src/lib/krb5/os/localaddr.c	2005-04-13 12:55:43.000000000 -0400
++++ src/lib/krb5/os/localaddr.c	2008-04-04 15:39:28.000000000 -0400
+@@ -242,6 +242,17 @@ addr_eq (const struct sockaddr *s1, cons
+ }
+ #endif
+ 
++static krb5_boolean
++skip_loopback (struct sockaddr *addr, int flags)
++{
++#ifdef IFF_LOOPBACK
++    if (flags & IFF_LOOPBACK) {
++	return TRUE;
++    }
++#endif
++    return FALSE;
++}
++
+ #ifndef HAVE_IFADDRS_H
+ /*@-usereleased@*/ /* lclint doesn't understand realloc */
+ static /*@null@*/ void *
+@@ -413,14 +424,27 @@ get_linux_ipv6_addrs ()
+    indication, it should do it via some field pointed to by the DATA
+    argument.  */
+ 
+-#ifdef HAVE_IFADDRS_H
+-
+ int
+ foreach_localaddr (/*@null@*/ void *data,
+ 		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+ 		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ 		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ 					      struct sockaddr *) /*@*/)
++{
++    return foreach_localaddr_ext(data, pass1fn,
++				 &skip_loopback, betweenfn,
++				 pass2fn);
++}
++
++#ifdef HAVE_IFADDRS_H
++
++int
++foreach_localaddr_ext (/*@null@*/ void *data,
++		       int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
++		       /*@null@*/ krb5_boolean (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
++		       /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
++		       /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
++						  struct sockaddr *) /*@*/)
+ #if defined(DEBUG) || defined(TEST)
+      /*@modifies fileSystem@*/
+ #endif
+@@ -436,7 +460,7 @@ foreach_localaddr (/*@null@*/ void *data
+ #endif
+ 	if ((ifp->ifa_flags & IFF_UP) == 0)
+ 	    continue;
+-	if (ifp->ifa_flags & IFF_LOOPBACK) {
++	if (skipfn && (*skipfn)(ifp->ifa_addr, ifp->ifa_flags)) {
+ 	    /* Pretend it's not up, so the second pass will skip
+ 	       it.  */
+ 	    ifp->ifa_flags &= ~IFF_UP;
+@@ -459,7 +483,7 @@ foreach_localaddr (/*@null@*/ void *data
+ 	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+ 	    if ((ifp2->ifa_flags & IFF_UP) == 0)
+ 		continue;
+-	    if (ifp2->ifa_flags & IFF_LOOPBACK)
++	    if (skipfn && (*skipfn)(ifp2->ifa_addr, ifp2->ifa_flags))
+ 		continue;
+ 	    if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
+ 		match = 1;
+@@ -488,11 +512,12 @@ foreach_localaddr (/*@null@*/ void *data
+ #elif defined (SIOCGLIFNUM) && defined(HAVE_STRUCT_LIFCONF) /* Solaris 8 and later; Sol 7? */
+ 
+ int
+-foreach_localaddr (/*@null@*/ void *data,
+-		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+-		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+-		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+-					      struct sockaddr *) /*@*/)
++foreach_localaddr_ext (/*@null@*/ void *data,
++		       int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
++		       /*@null@*/ int (*skipfn) (/*@null@*/ struct sockaddr *, int) /*@*/,
++		       /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
++		       /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
++					          struct sockaddr *) /*@*/)
+ #if defined(DEBUG) || defined(TEST)
+      /*@modifies fileSystem@*/
+ #endif
+@@ -583,13 +608,12 @@ foreach_localaddr (/*@null@*/ void *data
+ 	    }
+ 	    /*@=moduncon@*/
+ 
+-#ifdef IFF_LOOPBACK
+-	    /* None of the current callers want loopback addresses.  */
+-	    if (lifreq.lifr_flags & IFF_LOOPBACK) {
+-		Tprintf (("  loopback\n"));
++	    if (skipfn && (*skipfn)(lifreq.lifr_addr, lifreq.lifr_flags))
++		if (skipfn && (skipfn == &skip_loopback))
++		    Tprintf (("  loopback\n"));
+ 		goto skip;
+ 	    }
+-#endif
++
+ 	    /* Ignore interfaces that are down.  */
+ 	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
+ 		Tprintf (("  down\n"));
+@@ -755,13 +779,12 @@ foreach_localaddr (/*@null@*/ void *data
+ 	    }
+ 	    /*@=moduncon@*/
+ 
+-#ifdef IFF_LOOPBACK
+ 	    /* None of the current callers want loopback addresses.  */
+-	    if (lifreq.iflr_flags & IFF_LOOPBACK) {
+-		Tprintf (("  loopback\n"));
++	    if (skipfn && (*skipfn)(ifp2->ifa_addr, lifreq.lifr_flags))
++		if (skipfn && (skipfn == &skip_loopback))
++		    Tprintf (("  loopback\n"));
+ 		goto skip;
+ 	    }
+-#endif
+ 	    /* Ignore interfaces that are down.  */
+ 	    if ((lifreq.iflr_flags & IFF_UP) == 0) {
+ 		Tprintf (("  down\n"));
+@@ -971,13 +994,12 @@ foreach_localaddr (/*@null@*/ void *data
+ 	}
+ 	/*@=moduncon@*/
+ 
+-#ifdef IFF_LOOPBACK
+-	/* None of the current callers want loopback addresses.  */
+-	if (ifreq.ifr_flags & IFF_LOOPBACK) {
+-	    Tprintf (("  loopback\n"));
++	if (skipfn && (*skipfn)(NULL, ifreq.ifr_flags))
++	    if (skipfn && (skipfn == &skip_loopback))
++		Tprintf (("  loopback\n"));
+ 	    goto skip;
+ 	}
+-#endif
++
+ 	/* Ignore interfaces that are down.  */
+ 	if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ 	    Tprintf (("  down\n"));