diff options
author | Jen Selby <jenselby@mit.edu> | 2002-06-26 21:15:11 +0000 |
---|---|---|
committer | Jen Selby <jenselby@mit.edu> | 2002-06-26 21:15:11 +0000 |
commit | a522464928341b63106c397cd0635a7d8700bbc8 (patch) | |
tree | 6533fdaf87015c17dab651a46e5bf801314a43de /doc/dnstxt.texinfo | |
parent | 6c3b5028ae243b6afbfe96547d08581c4894ce6b (diff) | |
download | krb5-a522464928341b63106c397cd0635a7d8700bbc8.tar.gz krb5-a522464928341b63106c397cd0635a7d8700bbc8.tar.xz krb5-a522464928341b63106c397cd0635a7d8700bbc8.zip |
* Makefile: changed the way html output is generated, made "make all"
remove generated tex files
* admin.texinfo: added sections about encryption types and salts,
updated the configuration file sections, revised the example
configuration files, updated dates on output strings, added an
explanation of destroying a Kerberos database
* build.texinfo: changed the description of the tarball
* definitions.texinfo: added variables for all the default values
so that they can all be updated in one place, changed the release
from 1.2 to 1.3
* dnstxt.texinfo updated the information
* install.texinfo added more description of the configuration files
and the minimum needed in the files to set up a kerberos realm,
revised the examples of the configuration file sections, took out
old encryption type and salt information
* kdcconf.texinfo: new file, taken from the admin guide and included
in both the admin and install guides, provides descriptions of the
sections in kdc.conf
* krb425.texinfo: moved a texinfo tag so that makeinfo --html would
work
* krb5conf.texinfo: new file, take from the admin guide and included
in both the admin and install guides, provides descriptions of the
sections in krb5.conf
* man2html, man2html.M: new files, a perl program to create html pages
from the output of the man command
* salts.texinfo: new file, a description of the different salt types
that are currently supported
* support-enc.texinfo: new file, a description of the currently
supported encryptions types
* user-guide.texinfo: added a section describing different ticket
flags, added a way to have the man pages in the reference section
accessible in the html version of the documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14587 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'doc/dnstxt.texinfo')
-rw-r--r-- | doc/dnstxt.texinfo | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/doc/dnstxt.texinfo b/doc/dnstxt.texinfo index 535ac4438..e06d220cf 100644 --- a/doc/dnstxt.texinfo +++ b/doc/dnstxt.texinfo @@ -8,15 +8,15 @@ hostname-by-hostname basis. Since greater specificity takes precedence, you would do this by specifying the mappings for a given domain or subdomain and listing the exceptions. -The second mechanism, recently introduced into the MIT code base but not -currently used by default, works by looking up the information in -special @code{TXT} records in the Domain Name Service. If this -mechanism is enabled on the client, it will try to look up a @code{TXT} -record for the DNS name formed by putting the prefix @code{_kerberos} in -front of the hostname in question. If that record is not found, it will -try using @code{_kerberos} and the host's domain name, then its parent -domain, and so forth. So for the hostname -BOSTON.ENGINEERING.FOOBAR.COM, the names looked up would be: +The second mechanism works by looking up the information in special +@code{TXT} records in the Domain Name Service. This is currently not +used by default because security holes could result if the DNS TXT +records were spoofed. If this mechanism is enabled on the client, +it will try to look up a @code{TXT} record for the DNS name formed by +putting the prefix @code{_kerberos} in front of the hostname in question. +If that record is not found, it will try using @code{_kerberos} and the +host's domain name, then its parent domain, and so forth. So for the +hostname BOSTON.ENGINEERING.FOOBAR.COM, the names looked up would be: @smallexample _kerberos.boston.engineering.foobar.com |