host name resolution, again (krb5-1.3-alpha1 is available)

Russ Allbery rra at
Fri Mar 14 21:10:50 EST 2003

Nathan Neulinger <nneul at> writes:

> A similar issue exists with other gssapi code. Makes it pretty difficult
> to do any kerberos functionality with dns-rotated hostnames.

> I've been able to hack around it for telnet (all keys installed on all
> the machines sharing the same name), but haven't figured out a way to
> make it work with ssh yet, and haven't even bothered with ftp. 

We wrap telnet with a script that does a forward and reverse DNS lookup to
get the "real" name of the current load-balance winner and then passes
that to the actual telnet binary.  Our PC and Mac code does the

Russ Allbery (rra at             <>

More information about the krbdev mailing list