RFC: Turning off reverse hostname resolution by default in 1.10

Jeffrey Altman jaltman at secure-endpoints.com
Wed Jul 6 16:49:31 EDT 2011


On 7/6/2011 4:29 PM, Simo Sorce wrote:
> Jeffrey, as far as I understand the proposal it to simply change the
> default, I have seen no request to remove the rdns parameter, so if you
> need reverse resolution at most you'll have to change rdns = true in
> krb5.conf on clients.
> 
> It may be annoying to have to do that in a haste if you don't know in
> advance and merrily upgrade to 1.10, that's why Greg asked on the list
> before changing the default.

I will let you be the one to tell that to my grandmother when her
Kerberos client package is updated without her knowledge.  With the
engineering talent available I am sure that a better solution can be
developed beyond just changing the default.

Think about this problem with your vendor hat on.  How would you explain
such a change to Red Hat's customers?   How does Red Hat measure the
Help Desk support costs from deploying such a change?

Something to think about.   Please do not respond further.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20110706/0e39aa35/attachment.bin


More information about the Kerberos mailing list