Document KDC TCP listener change

Update documentation to reflect the change in the default KDC TCP listener behavior, new in 1.13. ticket: 6731 target_version: 1.13 tags: pullup
krb5 · Sep 16, 2014 · 59cbb76 · 59cbb76
1 parent 8d88e2a
commit 59cbb76
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
@@ -252,13 +252,11 @@ The following tags may be specified in a [realms] subsection:
 **kdc_tcp_ports**
     (Whitespace- or comma-separated list.)  Lists the ports on which
     the Kerberos server should listen for TCP connections, as a
-    comma-separated list of integers.  If this relation is not
-    specified, the compiled-in default is not to listen for TCP
-    connections at all.
-
-    If you wish to change this (note that the current implementation
-    has little protection against denial-of-service attacks), the
-    standard port number assigned for Kerberos TCP traffic is port 88.
+    comma-separated list of integers.  To disable listening on TCP,
+    set this relation to the empty string with ``kdc_tcp_ports = ""``.
+    If this relation is not specified, the default is to listen on TCP
+    port 88 (the standard port).  Prior to release 1.13, the default
+    was not to listen for TCP connections at all.
 
 **master_key_name**
     (String.)  Specifies the name of the principal associated with the