rdns, past and future
Ken Dreyer
ktdreyer at ktdreyer.com
Tue May 26 17:09:43 EDT 2020
Hi folks,
In public cloud environments or Kubernetes environments, PTR records
are difficult or impossible for administrators to set. We increasingly
have to tell users to set "rdns = fallback" or "rdns = false".
I'm wondering what the original purpose of Kerberos' rdns feature was.
Why would a client want or need to do hostname canonicalization?
I'm also wondering if we will ever be able to default MIT Kerberos'
rdns setting to "fallback" or "false" in a future version. IMHO this
would make it easier to deploy Kerberos applications in modern hosting
environments.
- Ken
More information about the Kerberos
mailing list