[30862] in CVS-changelog-for-Kerberos-V5
krb5 commit: Update SRV record documentation
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Sep 22 19:36:56 2020
Date: Tue, 22 Sep 2020 19:36:30 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202009222336.08MNaUXE006048@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/521175fd41f09d97d15d4d5a40b6611b81ef375f
commit 521175fd41f09d97d15d4d5a40b6611b81ef375f
Author: Greg Hudson <ghudson@mit.edu>
Date: Sun Sep 20 12:02:38 2020 -0400
Update SRV record documentation
The KDC has listened to TCP connections by default since commit
8d88e2ab00be126237569dc72827ced2ce6b7d04 (ticket 6731). Update the
documentation for _kerberos._tcp accordingly.
Correct a formatting error introduced by commit
10eb93809b1af06e2b1147aee2e3e50058ba1bbd (ticket 8921).
For _kpasswd._udp, if the _kerberos-adm._tcp fallback is used, the
port number is changed to 464, not 749.
Add entries for _kerberos-master._tcp and _kpasswd._tcp.
ticket: 8948
doc/admin/realm_config.rst | 23 +++++++++++++----------
1 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/doc/admin/realm_config.rst b/doc/admin/realm_config.rst
index caacc70..35e4857 100644
--- a/doc/admin/realm_config.rst
+++ b/doc/admin/realm_config.rst
@@ -144,11 +144,9 @@ _kerberos._udp
the most often. Normally you should list port 88 on each of your
KDCs.
_kerberos._tcp
- This is for contacting any KDC by TCP. The MIT KDC by default
- will not listen on any TCP ports, so unless you've changed the
- configuration or you're running another KDC implementation, you
- should leave this unspecified. If you do enable TCP support,
- normally you should use port 88.
+ This is for contacting any KDC by TCP. Normally you should use
+ port 88. This entry should be omitted if the KDC does not listen
+ on TCP ports, as was the default prior to release 1.13.
_kerberos-master._udp
This entry should refer to those KDCs, if any, that will
immediately see password changes to the Kerberos database. If a
@@ -163,11 +161,16 @@ _kerberos-master._udp
not complete at this time, but it will eventually be used by the
:ref:`kadmin(1)` program and related utilities. For now, you will
also need the **admin_server** variable in :ref:`krb5.conf(5)`.
- _kpasswd._udp This should list port 464 on your primary KDC. It
- is used when a user changes her password. If this entry is not
- defined but a _kerberos-adm._tcp entry is defined, the client will
- use the _kerberos-adm._tcp entry with the port number changed
- to 749.
+_kerberos-master._tcp
+ The corresponding TCP port for _kerberos-master._udp, assuming the
+ primary KDC listens on a TCP port.
+_kpasswd._udp
+ This entry should list port 464 on your primary KDC. It is used
+ when a user changes her password. If this entry is not defined
+ but a _kerberos-adm._tcp entry is defined, the client will use the
+ _kerberos-adm._tcp entry with the port number changed to 464.
+_kpasswd._tcp
+ The corresponding TCP port for _kpasswd._udp.
The DNS SRV specification requires that the hostnames listed be the
canonical names, not aliases. So, for example, you might include the
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
