On Tue, 2020-05-26 at 15:09 -0600, Ken Dreyer wrote:
> Hi folks,
>
> In public cloud environments or Kubernetes environments, PTR records
> are difficult or impossible for administrators to set. We increasingly
> have to tell users to set "rdns = fallback" or "rdns = false".
>
> I'm wondering what the original purpose of Kerberos' rdns feature was.
> Why would a client want or need to do hostname canonicalization?
>
> I'm also wondering if we will ever be able to default MIT Kerberos'
> rdns setting to "fallback" or "false" in a future version. IMHO this
> would make it easier to deploy Kerberos applications in modern hosting
> environments.

FWIW in RHEL and Fedora we set rdns = false by default since 2013, and
we are now also setting dns_canonicalize_hostname to fallback by
default.

Simo.

--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos