svn rev #24585: branches/krb5-1-9/ doc/ src/config-files/

tlyu@MIT.EDU tlyu at MIT.EDU
Wed Dec 22 14:10:28 EST 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24585
Commit By: tlyu
Log Message:
ticket: 6794
version_fixed: 1.9
status: resolved

pull up r24584 from trunk

 ------------------------------------------------------------------------
 r24584 | tlyu | 2010-12-20 17:52:35 -0500 (Mon, 20 Dec 2010) | 6 lines

 ticket: 6794
 tags: pullup
 target_version: 1.9

 Document rdns libdefault setting.


Changed Files:
U   branches/krb5-1-9/doc/admin.texinfo
U   branches/krb5-1-9/src/config-files/krb5.conf.M
Modified: branches/krb5-1-9/doc/admin.texinfo
===================================================================
--- branches/krb5-1-9/doc/admin.texinfo	2010-12-20 22:52:35 UTC (rev 24584)
+++ branches/krb5-1-9/doc/admin.texinfo	2010-12-22 19:10:27 UTC (rev 24585)
@@ -615,6 +615,13 @@
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is @value{DefaultProxiable}.
 
+ at itemx rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 @end table
 
 

Modified: branches/krb5-1-9/src/config-files/krb5.conf.M
===================================================================
--- branches/krb5-1-9/src/config-files/krb5.conf.M	2010-12-20 22:52:35 UTC (rev 24584)
+++ branches/krb5-1-9/src/config-files/krb5.conf.M	2010-12-22 19:10:27 UTC (rev 24585)
@@ -18,7 +18,7 @@
 .\" M.I.T. makes no representations about the suitability of
 .\" this software for any purpose.  It is provided "as is" without express
 .\" or implied warranty.
-.\" "
+.\"
 .TH KRB5.CONF 5
 .SH NAME
 krb5.conf \- Kerberos configuration file
@@ -268,6 +268,13 @@
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is false.
 
+.IP rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 .SH APPDEFAULTS SECTION
 
 Each tag in the [appdefaults] section names a Kerberos V5 application

More information about the cvs-krb5 mailing list