On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote: > On 2015-07-22 20:23, Nathaniel McCallum wrote: > > Related: CVE-2015-5159 > > https://bugzilla.redhat.com/show_bug.cgi?id=1245200 > > The patch prevents a flood attack but I consider more a workaround > than > a solution. I'll update kdcproxy tomorrow.
The problem is that while we can provide a sane default, special applications might require different sizes (either smaller or larger). I think this fix is acceptable since it keeps the solution entirely within the configuration domain. Nathaniel -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code