Comment 9 for bug 1716429

Hi Mathieu,

When debian fixed this issue for Jessie and Wheezy (their stable releases), they left the default to off, in order to not break existing setups that aren't prepared to do validation of the KDC (as it requires possibly setting up an additional keytab). The update for Ubuntu 12.04 LTS included this default. I think this is the sensible thing to do for Ubuntu 14.04 LTS.

(See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796195 and in particular, the added NEWS entry in http://launchpadlibrarian.net/211063096/pykerberos_1.1+svn4895-1build2_1.1+svn4895-1+deb6u1build0.12.04.1.diff.gz for explanation.)

I'm touching up your debdiff to do this (and include a similar NEWS entry), and will push this to trusty-security next week.

Thanks.