RFC: Turning off reverse hostname resolution by default in 1.10

Frank Cusack frank+krb at linetwo.net
Wed Jul 6 20:08:55 EDT 2011


On Wed, Jul 6, 2011 at 10:27 AM, <ghudson at mit.edu> wrote:

> Does anyone on this list intentionally rely on PTR lookups for
> Kerberos hostname canonicalization?
>

Yes, for "ssh host".  In our case, the canonicalization is done by the ssh
client itself though, not by the krb5 library.  Now that I'm aware of the
issue I plan to use KDC aliases instead.  Does current MIT support that?



More information about the Kerberos mailing list