rdns, past and future

Ken Dreyer ktdreyer at ktdreyer.com
Tue May 26 17:09:43 EDT 2020


Hi folks,

In public cloud environments or Kubernetes environments, PTR records
are difficult or impossible for administrators to set. We increasingly
have to tell users to set "rdns = fallback" or "rdns = false".

I'm wondering what the original purpose of Kerberos' rdns feature was.
Why would a client want or need to do hostname canonicalization?

I'm also wondering if we will ever be able to default MIT Kerberos'
rdns setting to "fallback" or "false" in a future version. IMHO this
would make it easier to deploy Kerberos applications in modern hosting
environments.

- Ken


More information about the Kerberos mailing list