host name resolution, again (krb5-1.3-alpha1 is available)

Nathan Neulinger nneul at
Fri Mar 14 21:05:10 EST 2003

A similar issue exists with other gssapi code. Makes it pretty difficult
to do any kerberos functionality with dns-rotated hostnames.

I've been able to hack around it for telnet (all keys installed on all
the machines sharing the same name), but haven't figured out a way to
make it work with ssh yet, and haven't even bothered with ftp. 

-- Nathan

On Fri, 2003-03-14 at 19:55, Donn Cave wrote:
> We have a long standing problem here with the GSSAPI ftp application,
> when it resolves the remote host name once each for the connection
> and the credentials request respectively.  This means that it's liable
> to get different answers if DNS doesn't return the same IP first twice
> in a row, and then it gets a key for the wrong host.
> I was getting ready to look at 1.3 and perhaps re-submit this bug,
> but now I find that 1.3's telnet fails the same way, apparently on
> purpose as the gethostbyaddr() was just removed from commands.c.
> So maybe it doesn't make sense to just keep reporting it as a bug,
> if there's some rationale at work here that makes this a feature.
> Is there?
> It isn't exactly a question of whether to do a reverse lookup -
> krb5_sname_to_principal is going to do one anyway.
> Thanks,
> 	Donn Cave, University Computing Services, University of Washington
> 	donn at
> _______________________________________________
> krbdev mailing list             krbdev at

Nathan Neulinger                       EMail:  nneul at
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

More information about the krbdev mailing list