From: Tom Yu <tlyu@mit.edu>
Date: Wed, 22 Dec 2010 19:10:27 +0000 (+0000)
Subject: pull up r24584 from trunk
X-Git-Tag: krb5-1.9-final~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc46060d07740ae988da862889e8a028d5fdb732;p=thirdparty%2Fkrb5.git

pull up r24584 from trunk

 ------------------------------------------------------------------------
 r24584 | tlyu | 2010-12-20 17:52:35 -0500 (Mon, 20 Dec 2010) | 6 lines

 ticket: 6794
 tags: pullup
 target_version: 1.9

 Document rdns libdefault setting.

ticket: 6794
version_fixed: 1.9
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24585 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/doc/admin.texinfo b/doc/admin.texinfo
index 0c5325466f..5051b5d3f7 100644
--- a/doc/admin.texinfo
+++ b/doc/admin.texinfo
@@ -615,6 +615,13 @@ The default value for this flag is @value{DefaultForwardable}.
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is @value{DefaultProxiable}.
 
+@itemx rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 @end table
 
 
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M
index d03a1f468b..df62d4d524 100644
--- a/src/config-files/krb5.conf.M
+++ b/src/config-files/krb5.conf.M
@@ -18,7 +18,7 @@
 .\" M.I.T. makes no representations about the suitability of
 .\" this software for any purpose.  It is provided "as is" without express
 .\" or implied warranty.
-.\" "
+.\"
 .TH KRB5.CONF 5
 .SH NAME
 krb5.conf \- Kerberos configuration file
@@ -268,6 +268,13 @@ The default value for this flag is false.
 If this flag is set, initial tickets by default will be proxiable.
 The default value for this flag is false.
 
+.IP rdns
+If set to false, prevent the use of reverse DNS resolution when
+translating hostnames into service principal names.  Defaults to
+true.  Setting this flag to false is more secure, but may force
+users to exclusively use fully qualified domain names when
+authenticating to services.
+
 .SH APPDEFAULTS SECTION
 
 Each tag in the [appdefaults] section names a Kerberos V5 application