ssh to IP literal

Greg Hudson ghudson at MIT.EDU
Wed Dec 22 23:43:42 EST 2010


On Tue, 2010-12-21 at 22:57 -0500, Victor Sudakov wrote:
> This setting must be specific to MIT Kerberos, I don't see it in Heimdal.

Whoops, sorry, in your initial message you said you were using Heimdal,
but I missed it.

Heimdal appears to perform a forward canonicalization but never a
reverse lookup, so it behaves kind of similarly to how we do when rdns
is set to false.

> You probably mean gethostname(), not gethostbyname()?

Correct.

> But earlier you said that DNS-canonicalization of the gethostname() is
> used. If we have no DNS, who will canonicalize the hostname?

That's shorthand because so many installations use DNS for hostname
resolution.  Heimdal uses getaddrinfo() for its canonicalization step,
and falls back to the raw hostname if that fails.
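
An added illustration, not part of the original post and not Heimdal's code: forward-only canonicalization through getaddrinfo() with the raw-hostname fallback described above, showing that an IP literal stays a literal in the resulting host principal because no reverse lookup is made. The helper names `canon_forward` and `host_principal` and the sample inputs are constructed for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Forward-canonicalize host into out; no reverse (PTR) lookup is performed.
 * Returns 1 if the resolver supplied the name, 0 if the raw name was kept. */
static int canon_forward(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int resolved = 0;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME;      /* ask for the canonical name */

    if (getaddrinfo(host, NULL, &hints, &res) == 0 &&
        res != NULL && res->ai_canonname != NULL) {
        snprintf(out, outlen, "%s", res->ai_canonname);
        resolved = 1;
    } else {
        snprintf(out, outlen, "%s", host);  /* fallback: raw hostname */
    }
    if (res != NULL)
        freeaddrinfo(res);
    return resolved;
}

/* Build the host-based service principal "host/<name>" (realm omitted). */
static const char *host_principal(const char *host, char *buf, size_t len)
{
    char name[256];
    canon_forward(host, name, sizeof(name));
    snprintf(buf, len, "host/%s", name);
    return buf;
}

int main(void)
{
    const char *samples[] = { "192.0.2.10", "no-such-host.invalid" };  /* constructed */
    char buf[300];
    for (size_t i = 0; i < 2; i++)
        printf("%-22s -> %s\n", samples[i], host_principal(samples[i], buf, sizeof(buf)));
    return 0;
}
```

With this behaviour, a KDC would need a principal named for the literal address for `ssh` to an IP literal to obtain a ticket.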