krb5 commit [krb5-1.13]: Document KDC TCP listener change

Tom Yu tlyu at mit.edu
Thu Sep 18 09:51:42 EDT 2014


https://github.com/krb5/krb5/commit/8f8cf0e62ee839b161dc0ec51d04be40fcb903fc
commit 8f8cf0e62ee839b161dc0ec51d04be40fcb903fc
Author: Tom Yu <tlyu at mit.edu>
Date:   Tue Sep 16 14:18:17 2014 -0400

    Document KDC TCP listener change
    
    Update documentation to reflect the change in the default KDC TCP
    listener behavior, new in 1.13.
    
    (cherry picked from commit 59cbb7662282f6f882b5d108cf45bdd042857c6a)
    
    ticket: 6731
    version_fixed: 1.13
    status: resolved

 doc/admin/conf_files/kdc_conf.rst |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index d6bfd0e..490ecc0 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection:
 **kdc_tcp_ports**
     (Whitespace- or comma-separated list.)  Lists the ports on which
     the Kerberos server should listen for TCP connections, as a
-    comma-separated list of integers.  If this relation is not
-    specified, the compiled-in default is not to listen for TCP
-    connections at all.
-
-    If you wish to change this (note that the current implementation
-    has little protection against denial-of-service attacks), the
-    standard port number assigned for Kerberos TCP traffic is port 88.
+    comma-separated list of integers.  To disable listening on TCP,
+    set this relation to the empty string with ``kdc_tcp_ports = ""``.
+    If this relation is not specified, the default is to listen on TCP
+    port 88 (the standard port).  Prior to release 1.13, the default
+    was not to listen for TCP connections at all.
 
 **master_key_name**
     (String.)  Specifies the name of the principal associated with the
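Review bot: The rewritten **kdc_tcp_ports** paragraph drops the removed caveat that "the current implementation has little protection against denial-of-service attacks" in the same place where it documents TCP port 88 as the new default, so a reader cannot tell whether the caveat no longer applies or was simply lost. Suggest either keeping a sentence on it or stating that it is obsolete as of 1.13. Because a kdc.conf that omits this relation now gets a TCP listener after upgrading, the "Prior to release 1.13" sentence could also be set apart as an explicit behavior-change note, pointing at ``kdc_tcp_ports = ""`` as the way to keep the old behavior. Minor: the added line still says "comma-separated list of integers" directly after the context line "(Whitespace- or comma-separated list.)", which reads as inconsistent.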

