From 59cbb7662282f6f882b5d108cf45bdd042857c6a Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 16 Sep 2014 14:18:17 -0400 Subject: [PATCH] Document KDC TCP listener change Update documentation to reflect the change in the default KDC TCP listener behavior, new in 1.13. ticket: 6731 target_version: 1.13 tags: pullup --- doc/admin/conf_files/kdc_conf.rst | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst index d6bfd0efc9..490ecc0ecb 100644 --- a/doc/admin/conf_files/kdc_conf.rst +++ b/doc/admin/conf_files/kdc_conf.rst @@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection: **kdc_tcp_ports** (Whitespace- or comma-separated list.) Lists the ports on which the Kerberos server should listen for TCP connections, as a - comma-separated list of integers. If this relation is not - specified, the compiled-in default is not to listen for TCP - connections at all. - - If you wish to change this (note that the current implementation - has little protection against denial-of-service attacks), the - standard port number assigned for Kerberos TCP traffic is port 88. + comma-separated list of integers. To disable listening on TCP, + set this relation to the empty string with ``kdc_tcp_ports = ""``. + If this relation is not specified, the default is to listen on TCP + port 88 (the standard port). Prior to release 1.13, the default + was not to listen for TCP connections at all. **master_key_name** (String.) Specifies the name of the principal associated with the -- 2.47.2