Re: Make SASL hostname canonicalization optional (RFC on patch approach)
"Joel Johnson" <mrjoel@lixil.net> writes:
> A deficiency of the previous patch [1] appears to be that the option
> is not configurable, so I have created a related patch [2] (currently
> against 2.4.8, not quite HEAD) to add a runtime configuration option to
> select whether or not the name canonicalization should be performed. It
> defaults to true, the current behavior. The patch is still in progress,
> but has the functionality and provides an illustration of my
> approach. The following are known issues that will be addressed:

For what it's worth, this approach (making canonicalization configurable
and defaulting to on) is the same approach that's been taken by GSSAPI
implementers. (By setting rdns = false in [libdefaults] for MIT Kerberos,
for example.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>