On 18 December 2012 15:23, Russ Allbery <r...@debian.org> wrote: > If you add: > > rdns = false > > to the [libdefaults] section of your /etc/krb5.conf, does it then work > with MIT? (I'm not sure what the corresponding Heimdal setting; a quick > man page check didn't reveal it.) >
No change. > I think this is your GSS-API library being excessively helpful and > canonicalizing the host identity with DNS for you, and then getting > confused by whatever nsswitch is returning. This isn't really under the > control of the application; the GSS-API library will do this under the > hood. > Like I said, same result both from Heimdal and MIT. Is it possible both independent implementations made exactly the same mistake? -- Brian May <br...@microcomaustralia.com.au>
