krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS

Neulinger, Nathan nneul at
Wed Apr 9 11:01:29 EDT 2003

If the ssh server were bound specifically to the interface with the
cluster address instead of to, do you think that would help any?

Nathan Neulinger                       EMail:  nneul at
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

> -----Original Message-----
> From: Matt Crawford [mailto:crawdad at] 
> Sent: Wednesday, April 09, 2003 9:41 AM
> To: Neulinger, Nathan
> Cc: John Hascall; krbdev; Sam Hartman
> Subject: Re: krb5_sname_to_principal or LDAP/SASL/GSSAPI and 
> reverse DNS 
> > SSH w/ gssapi forwarding does not work... On the server side, it
> > complains about misc failure, wrong principal in request, got no
> > client creds, then closes the connection.
> It's tough to write a GSS service in a way that will accept whatever
> valid service name the client may call it by.  The straightforward
> approach chooses the service's name before getting any token from the
> client.

More information about the krbdev mailing list