Re: Make SASL hostname canonicalization optional (RFC on patch approach)

"Joel Johnson" <mrjoel@lixil.net> writes:

> A deficiency of the previous patch [1] appears to be that the option
> is not configurable, so I have created a related patch [2] (currently
> against 2.4.8, not quite HEAD) to add a runtime configuration option to
> select whether or not the name canonicalization should be performed. It
> defaults to true, the current behavior. The patch is still in progress,
> but has the functionality and provides an illustration of my
> approach. The following are known issues that will be addressed:

For what it's worth, this approach (making canonicalization configurable
and defaulting to on) is the same approach that's been taken by GSSAPI
implementers.  (By setting rdns = false in [libdefaults] for MIT Kerberos,
for example.)

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>