From: Tom Yu Date: Tue, 16 Sep 2014 18:18:17 +0000 (-0400) Subject: Document KDC TCP listener change X-Git-Tag: krb5-1.14-alpha1~237 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F209%2Fhead;p=thirdparty%2Fkrb5.git Document KDC TCP listener change Update documentation to reflect the change in the default KDC TCP listener behavior, new in 1.13. ticket: 6731 target_version: 1.13 tags: pullup --- diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst index d6bfd0efc9..490ecc0ecb 100644 --- a/doc/admin/conf_files/kdc_conf.rst +++ b/doc/admin/conf_files/kdc_conf.rst @@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection: **kdc_tcp_ports** (Whitespace- or comma-separated list.) Lists the ports on which the Kerberos server should listen for TCP connections, as a - comma-separated list of integers. If this relation is not - specified, the compiled-in default is not to listen for TCP - connections at all. - - If you wish to change this (note that the current implementation - has little protection against denial-of-service attacks), the - standard port number assigned for Kerberos TCP traffic is port 88. + comma-separated list of integers. To disable listening on TCP, + set this relation to the empty string with ``kdc_tcp_ports = ""``. + If this relation is not specified, the default is to listen on TCP + port 88 (the standard port). Prior to release 1.13, the default + was not to listen for TCP connections at all. **master_key_name** (String.) Specifies the name of the principal associated with the