RFC: Turning off reverse hostname resolution by default in 1.10
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jul 6 16:49:31 EDT 2011
On 7/6/2011 4:29 PM, Simo Sorce wrote:
> Jeffrey, as far as I understand the proposal it to simply change the
> default, I have seen no request to remove the rdns parameter, so if you
> need reverse resolution at most you'll have to change rdns = true in
> krb5.conf on clients.
>
> It may be annoying to have to do that in a haste if you don't know in
> advance and merrily upgrade to 1.10, that's why Greg asked on the list
> before changing the default.
I will let you be the one to tell that to my grandmother when her
Kerberos client package is updated without her knowledge. With the
engineering talent available I am sure that a better solution can be
developed beyond just changing the default.
Think about this problem with your vendor hat on. How would you explain
such a change to Red Hat's customers? How does Red Hat measure the
Help Desk support costs from deploying such a change?
Something to think about. Please do not respond further.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20110706/0e39aa35/attachment.bin
More information about the Kerberos
mailing list