krb5 commit [krb5-1.13]: Document KDC TCP listener change
Tom Yu
tlyu at mit.edu
Thu Sep 18 09:51:42 EDT 2014
https://github.com/krb5/krb5/commit/8f8cf0e62ee839b161dc0ec51d04be40fcb903fc
commit 8f8cf0e62ee839b161dc0ec51d04be40fcb903fc
Author: Tom Yu <tlyu at mit.edu>
Date: Tue Sep 16 14:18:17 2014 -0400
Document KDC TCP listener change
Update documentation to reflect the change in the default KDC TCP
listener behavior, new in 1.13.
(cherry picked from commit 59cbb7662282f6f882b5d108cf45bdd042857c6a)
ticket: 6731
version_fixed: 1.13
status: resolved
doc/admin/conf_files/kdc_conf.rst | 12 +++++-------
1 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index d6bfd0e..490ecc0 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection:
**kdc_tcp_ports**
(Whitespace- or comma-separated list.) Lists the ports on which
the Kerberos server should listen for TCP connections, as a
- comma-separated list of integers. If this relation is not
- specified, the compiled-in default is not to listen for TCP
- connections at all.
-
- If you wish to change this (note that the current implementation
- has little protection against denial-of-service attacks), the
- standard port number assigned for Kerberos TCP traffic is port 88.
+ comma-separated list of integers. To disable listening on TCP,
+ set this relation to the empty string with ``kdc_tcp_ports = ""``.
+ If this relation is not specified, the default is to listen on TCP
+ port 88 (the standard port). Prior to release 1.13, the default
+ was not to listen for TCP connections at all.
**master_key_name**
(String.) Specifies the name of the principal associated with the
More information about the cvs-krb5
mailing list