RFC: Turning off reverse hostname resolution by default in 1.10
Frank Cusack
frank+krb at linetwo.net
Wed Jul 6 20:08:55 EDT 2011
On Wed, Jul 6, 2011 at 10:27 AM, <ghudson at mit.edu> wrote:
> Does anyone on this list intentionally rely on PTR lookups for
> Kerberos hostname canonicalization?
>
Yes, for "ssh host". In our case, the canonicalization is done by the ssh
client itself though, not by the krb5 library. Now that I'm aware of the
issue I plan to use KDC aliases instead. Does current MIT support that?
More information about the Kerberos
mailing list