oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5.conf(5): New block_dns option.

Browse Source 
Documented and verified, not yet implemented.
This commit is contained in:
Taylor R Campbell
2023-06-09 00:06:32 +00:00
committed by Nico Williams
parent 42e23b1777
commit fa4c4430f6
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/krb5/krb5.conf.5
View File

@@ -199,6 +199,9 @@ The default is the result of
.It Li allow_weak_crypto = Va boolean .It Li allow_weak_crypto = Va boolean
are weak crypto algorithms allowed to be used, among others, DES is are weak crypto algorithms allowed to be used, among others, DES is
considered weak. considered weak.
.It Li block_dns = Va boolean
If true, prevent Heimdal from doing any DNS resolution.
Default is false.
.It Li clockskew = Va time .It Li clockskew = Va time
Maximum time differential (in seconds) allowed when comparing Maximum time differential (in seconds) allowed when comparing
times. times.

1
lib/krb5/verify_krb5_conf.c
View File

@@ -395,6 +395,7 @@ struct entry v4_name_convert_entries[] = {
struct entry libdefaults_entries[] = { struct entry libdefaults_entries[] = {
{ "accept_null_addresses", krb5_config_string, check_boolean, 0 }, { "accept_null_addresses", krb5_config_string, check_boolean, 0 },
{ "allow_weak_crypto", krb5_config_string, check_boolean, 0 }, { "allow_weak_crypto", krb5_config_string, check_boolean, 0 },
{ "block_dns", krb5_config_string, check_boolean, 0 },
{ "capath", krb5_config_list, all_strings, 1 }, { "capath", krb5_config_list, all_strings, 1 },
{ "ccapi_library", krb5_config_string, NULL, 0 }, { "ccapi_library", krb5_config_string, NULL, 0 },
{ "check_pac", krb5_config_string, check_boolean, 0 }, { "check_pac", krb5_config_string, check_boolean, 0 },