author | Greg Hudson <ghudson@mit.edu> | 2020-09-20 12:02:38 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-09-22 17:50:14 -0400 |
commit | 521175fd41f09d97d15d4d5a40b6611b81ef375f | |
tree | e219e028f7c039f58ee615c5d281c4a733ea5ed1 /doc/admin/realm_config.rst | |
parent | 414d67b321e79b2f33d578a1e7fdf7dee726cdde | |

Update SRV record documentation

The KDC has listened to TCP connections by default since commit
8d88e2ab00be126237569dc72827ced2ce6b7d04 (ticket 6731). Update the
documentation for _kerberos._tcp accordingly.

Correct a formatting error introduced by commit
10eb93809b1af06e2b1147aee2e3e50058ba1bbd (ticket 8921).

For _kpasswd._udp, if the _kerberos-adm._tcp fallback is used, the
port number is changed to 464, not 749.

Add entries for _kerberos-master._tcp and _kpasswd._tcp.

ticket: 8948

Diffstat (limited to 'doc/admin/realm_config.rst')
-rw-r--r-- | doc/admin/realm_config.rst | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/doc/admin/realm_config.rst b/doc/admin/realm_config.rst index caacc70..35e4857 100644 --- a/doc/admin/realm_config.rst +++ b/doc/admin/realm_config.rst @@ -144,11 +144,9 @@ _kerberos._udp the most often. Normally you should list port 88 on each of your KDCs. _kerberos._tcp - This is for contacting any KDC by TCP. The MIT KDC by default - will not listen on any TCP ports, so unless you've changed the - configuration or you're running another KDC implementation, you - should leave this unspecified. If you do enable TCP support, - normally you should use port 88. + This is for contacting any KDC by TCP. Normally you should use + port 88. This entry should be omitted if the KDC does not listen + on TCP ports, as was the default prior to release 1.13. _kerberos-master._udp This entry should refer to those KDCs, if any, that will immediately see password changes to the Kerberos database. If a 
@@ -163,11 +161,16 @@ _kerberos-master._udp not complete at this time, but it will eventually be used by the :ref:`kadmin(1)` program and related utilities. For now, you will also need the **admin_server** variable in :ref:`krb5.conf(5)`. - _kpasswd._udp This should list port 464 on your primary KDC. It - is used when a user changes her password. If this entry is not - defined but a _kerberos-adm._tcp entry is defined, the client will - use the _kerberos-adm._tcp entry with the port number changed - to 749. +_kerberos-master._tcp + The corresponding TCP port for _kerberos-master._udp, assuming the + primary KDC listens on a TCP port. +_kpasswd._udp + This entry should list port 464 on your primary KDC. It is used + when a user changes her password. If this entry is not defined + but a _kerberos-adm._tcp entry is defined, the client will use the + _kerberos-adm._tcp entry with the port number changed to 464. +_kpasswd._tcp + The corresponding TCP port for _kpasswd._udp. The DNS SRV specification requires that the hostnames listed be the canonical names, not aliases. So, for example, you might include the |
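
Review bot: In the first hunk (_kerberos._tcp), the new sentence "This entry should be omitted if the KDC does not listen on TCP ports" gives the administrator no pointer to where TCP listening is configured, so a reader running a pre-1.13 or customized KDC cannot tell from this entry whether the condition applies. Consider adding a :ref: to the KDC configuration documentation, in the same style as the :ref:`krb5.conf(5)` reference used further down this file. A smaller wording point: the neighbouring _kerberos._udp text says "you should list port 88" while the new text says "you should use port 88"; using "list" in both would keep the two entries parallel.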
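
Review bot: In the second hunk, the new _kpasswd._tcp entry does not say whether the _kerberos-adm._tcp fallback described under _kpasswd._udp also applies to it, and unlike _kpasswd._udp it never names port 464. An administrator publishing only _kerberos-adm._tcp needs to know whether TCP password changes are covered, so the entry should state the port and the fallback behaviour explicitly. Also, _kerberos-master._tcp carries the qualifier "assuming the primary KDC listens on a TCP port" while _kpasswd._tcp has no equivalent condition; either add it to both or explain why the two differ.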