host name resolution, again (krb5-1.3-alpha1 is available)
rra at stanford.edu
Fri Mar 14 21:10:50 EST 2003
Nathan Neulinger <nneul at umr.edu> writes:
> A similar issue exists with other gssapi code. Makes it pretty difficult
> to do any kerberos functionality with dns-rotated hostnames.
> I've been able to hack around it for telnet (all keys installed on all
> the machines sharing the same name), but haven't figured out a way to
> make it work with ssh yet, and haven't even bothered with ftp.
We wrap telnet with a script that does a forward and reverse DNS lookup to
get the "real" name of the current load-balance winner and then passes
that to the actual telnet binary. Our PC and Mac code does the
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev