[38737] in Kerberos

rdns, past and future

daemon@ATHENA.MIT.EDU (Ken Dreyer)
Tue May 26 17:12:42 2020

From: Ken Dreyer <ktdreyer@ktdreyer.com>
Date: Tue, 26 May 2020 15:09:43 -0600
Message-ID: <CAD3FbMWbxiS=2Qx_6igCX-RWsO4L5qOtX8p74Wx0AL+in+Uqaw@mail.gmail.com>
To: kerberos@mit.edu

Hi folks,

In public cloud environments or Kubernetes environments, PTR records
are difficult or impossible for administrators to set. We increasingly
have to tell users to set "rdns = fallback" or "rdns = false".

I'm wondering what the original purpose of Kerberos' rdns feature was.
Why would a client want or need to do hostname canonicalization?

I'm also wondering if we will ever be able to default MIT Kerberos'
rdns setting to "fallback" or "false" in a future version. IMHO this
would make it easier to deploy Kerberos applications in modern hosting
environments.

- Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
