[28595] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Document KDC TCP listener change

daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Sep 17 11:10:24 2014

Date: Wed, 17 Sep 2014 11:10:14 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201409171510.s8HFAETX015386@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/59cbb7662282f6f882b5d108cf45bdd042857c6a
commit 59cbb7662282f6f882b5d108cf45bdd042857c6a
Author: Tom Yu <tlyu@mit.edu>
Date:   Tue Sep 16 14:18:17 2014 -0400

    Document KDC TCP listener change
    
    Update documentation to reflect the change in the default KDC TCP
    listener behavior, new in 1.13.
    
    ticket: 6731
    target_version: 1.13
    tags: pullup

 doc/admin/conf_files/kdc_conf.rst |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index d6bfd0e..490ecc0 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection:
 **kdc_tcp_ports**
     (Whitespace- or comma-separated list.)  Lists the ports on which
     the Kerberos server should listen for TCP connections, as a
-    comma-separated list of integers.  If this relation is not
-    specified, the compiled-in default is not to listen for TCP
-    connections at all.
-
-    If you wish to change this (note that the current implementation
-    has little protection against denial-of-service attacks), the
-    standard port number assigned for Kerberos TCP traffic is port 88.
+    comma-separated list of integers.  To disable listening on TCP,
+    set this relation to the empty string with ``kdc_tcp_ports = ""``.
+    If this relation is not specified, the default is to listen on TCP
+    port 88 (the standard port).  Prior to release 1.13, the default
+    was not to listen for TCP connections at all.
 
 **master_key_name**
     (String.)  Specifies the name of the principal associated with the
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post