Disabling reverse DNS lookups

Andrew Cobaugh phalenor at gmail.com
Thu Nov 29 02:56:58 EST 2007


I've seen this discussed before, but I'm having some trouble.

My situation is that I have sshd behind a NAT. The public IP has an A
record from one of my domain names, but I have no control over the PTR
record, as this is a cable modem connection, so the ISP controls that.
So, the client goes to do a reverse DNS lookup on the IP address, and
gets the PTR record provided by the ISP, which breaks gssapi-with-mic.

I have tried setting "rdns = false" under [libdefaults] in
/etc/krb5.conf on the client, yet this doesn't seem to have had any
effect. I'm at a loss as to why.

The client is Kerberos 1.6.2 (krb5-libs-1.6.2-9.fc8) on Fedora 8, sshd
is on Solaris 10u3 with Kerberos 1.6, and the KDC is also Kerberos 1.6.

Any pointers to why the rdns setting isn't working are greatly appreciated.

-- 
Andy Cobaugh
phalenor at gmail.com
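
The forward/reverse mismatch described in the message above, as an added diagnostic sketch that is not part of the original post: it compares the host principal a client would request from the forward name alone with the one it would request after a PTR lookup. The canonicalization model is a simplification assumed for this example; the function names are hypothetical, and the hostname, address, PTR name and realm are constructed.

```python
import socket

def forward_lookup(name):
    """Forward lookup: return (canonical name, first address) from the resolver."""
    info = socket.getaddrinfo(name, None, 0, socket.SOCK_STREAM, 0,
                              socket.AI_CANONNAME)
    return (info[0][3] or name), info[0][4][0]

def reverse_lookup(addr):
    """Reverse (PTR) lookup: return the name for addr, or None if there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def candidate_principals(name, realm, forward=forward_lookup, reverse=reverse_lookup):
    """Assumed, simplified model of host principal derivation:
    without reverse lookup the forward canonical name is used; with it,
    the PTR name of the resolved address replaces the forward name."""
    canon, addr = forward(name)
    ptr = reverse(addr)
    fwd = canon.rstrip(".").lower()
    rev = (ptr or canon).rstrip(".").lower()  # no PTR: fall back to forward name
    return {
        "address": addr,
        "forward_only": f"host/{fwd}@{realm}",
        "with_reverse": f"host/{rev}@{realm}",
        "mismatch": fwd != rev,  # True: the two modes ask for different principals
    }

# Constructed sample data: an A record the admin controls and an ISP-owned PTR.
SAMPLE_A = {"ssh.example.org": "203.0.113.10"}
SAMPLE_PTR = {"203.0.113.10": "c-203-0-113-10.cable.isp.example."}

def sample_forward(name):
    return name, SAMPLE_A[name]

def sample_reverse(addr):
    return SAMPLE_PTR.get(addr)

if __name__ == "__main__":
    result = candidate_principals("ssh.example.org", "EXAMPLE.ORG",
                                  sample_forward, sample_reverse)
    for key, value in result.items():
        print(f"{key:13} {value}")
```

Calling `candidate_principals` with only a hostname and realm uses the system resolver instead of the constructed tables.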


