svn rev #24584: trunk/ doc/ src/config-files/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Dec 20 17:52:35 EST 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24584
Commit By: tlyu
Log Message:
ticket: 6794
tags: pullup
target_version: 1.9

Document rdns libdefault setting.


Changed Files:
U   trunk/doc/admin.texinfo
U   trunk/src/config-files/krb5.conf.M
Modified: trunk/doc/admin.texinfo
===================================================================
--- trunk/doc/admin.texinfo	2010-12-20 17:48:06 UTC (rev 24583)
+++ trunk/doc/admin.texinfo	2010-12-20 22:52:35 UTC (rev 24584)
@@ -615,6 +615,13 @@
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is @value{DefaultProxiable}.
 
+ at itemx rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 @end table
 
 

Modified: trunk/src/config-files/krb5.conf.M
===================================================================
--- trunk/src/config-files/krb5.conf.M	2010-12-20 17:48:06 UTC (rev 24583)
+++ trunk/src/config-files/krb5.conf.M	2010-12-20 22:52:35 UTC (rev 24584)
@@ -18,7 +18,7 @@
 .\" M.I.T. makes no representations about the suitability of
 .\" this software for any purpose.  It is provided "as is" without express
 .\" or implied warranty.
-.\" "
+.\"
 .TH KRB5.CONF 5
 .SH NAME
 krb5.conf \- Kerberos configuration file
@@ -268,6 +268,13 @@
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is false.
 
+.IP rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 .SH APPDEFAULTS SECTION
 
 Each tag in the [appdefaults] section names a Kerberos V5 application

More information about the cvs-krb5 mailing list