host name resolution, again (krb5-1.3-alpha1 is available)
Nathan Neulinger
nneul at umr.edu
Fri Mar 14 21:16:24 EST 2003
Ick. It'd be less trouble to just install lbnamed or similar and have it
randomly return a cname.
Multiple cnames in a response violates the dns rfc's, but as far as I
know, returning a _single_ cname with a random target should be fine.
-- Nathan
On Fri, 2003-03-14 at 20:10, Russ Allbery wrote:
> Nathan Neulinger <nneul at umr.edu> writes:
>
> > A similar issue exists with other gssapi code. Makes it pretty difficult
> > to do any kerberos functionality with dns-rotated hostnames.
>
> > I've been able to hack around it for telnet (all keys installed on all
> > the machines sharing the same name), but haven't figured out a way to
> > make it work with ssh yet, and haven't even bothered with ftp.
>
> We wrap telnet with a script that does a forward and reverse DNS lookup to
> get the "real" name of the current load-balance winner and then passes
> that to the actual telnet binary. Our PC and Mac code does the
> equivalent.
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
More information about the krbdev
mailing list