author | Stef Walter <stefw@redhat.com> | 2012-03-20 21:45:43 +0100 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2012-03-20 18:16:59 -0400 |
commit | 2da88740651fa66bb28cb10fbb18dd5fd4956bc0 (patch) | |
tree | bf61074aabc5efb437b60ef1eda327b4f72247f2 /krb5.conf | |
parent | 7d6fe6def6085c7c99e32af92b05a5cef3128127 (diff) | |
Change back dns_lookup_kdc to the default

The specifications recommend against using TXT records for mapping
hostnames to realms. However, they do not recommend against using
SRV records to look up the KDC.

Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.

A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.
Diffstat (limited to 'krb5.conf')
-rw-r--r-- | krb5.conf | 1 |
1 files changed, 0 insertions, 1 deletions
@@ -6,7 +6,6 @@ [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false - dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true |
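Review bot: Deleting `dns_lookup_kdc = false` from [libdefaults] leaves the setting implicit, so the file no longer shows that KDC discovery through DNS is enabled, while the adjacent `dns_lookup_realm = false` remains explicit. Consider stating `dns_lookup_kdc = true` outright, or adding a comment next to `dns_lookup_realm`, so that an administrator auditing this krb5.conf sees the DNS dependency the commit message discusses (SRV and A records for the KDC hosts) without having to know the library default.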