Patch to ignore service principals when accepting connexions.

Simo Sorce ssorce at
Thu Aug 26 08:26:20 EDT 2010

On Wed, 25 Aug 2010 21:33:07 -0400
Sam Hartman <hartmans at> wrote:

> I definitely agree that the forward/reverse resolution creates issues
> for acquire_cred.  There's a kind of annoying Debian bug open on this
> where the name you end up with depends on whether you have A records
> or just AAAA records.  Also, as you point out it is a source of
> failure.
> So, I would like to express support for a configuration knob to ignore
> the hostname and to look into what we can do about acceptor-side use
> of DNS.

In Heimdal there is a function called gsskrb5_set_dns_canonicalized()
that allows you to tell your library to not do any dns lookup.

It would be a nice to have.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list