I'm using OpenSSH (4.3p2) on a Linux client to authenticate via GSSAPI with the gssapi-with-mic SSH mechanism to multiple hosts with an existing Kerberos infrastructure. The issue I'm having is with a new server which for various reasons is located on a DSL link with a dynamic IP address. In turn, I don't have control over the DNS PTR records, so while I have forward resolution set up properly, I'm unable to set up the correct reverse lookup. When I attempt to connect to this host with SSH, a ticket request is made against the KDC for a host ticket using the name obtained by a reverse DNS lookup name canonicalization which is not defined.
I've found references to the "[libdefaults] rdns = no" entry in krb5.conf, but I'd rather not set the global setting. Is there any way to disable reverse DNS on a per host/IP/regex basis?

Thanks for any help,
Joel Johnson
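
Added example, not part of the original post and not OpenSSH or MIT Kerberos code: a Python diagnostic that models the canonicalization described above and reports which host principal would be requested with and without the reverse lookup. The function names, the sample hostnames and address, and the fallback to the forward name when no PTR record exists are assumptions of this example.

```python
import socket

def forward_lookup(host):
    """Return (canonical_name, first_address) from the system resolver."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM,
                               flags=socket.AI_CANONNAME)
    canon = infos[0][3] or host        # canonname is set on the first entry
    return canon, infos[0][4][0]       # sockaddr[0] is the address string

def reverse_lookup(addr):
    """Return the PTR name for addr, or None when no record is available."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def host_principal(host, rdns=True, fwd=forward_lookup, rev=reverse_lookup):
    """Model the name used in the host ticket request (realm omitted)."""
    canon, addr = fwd(host)
    name = canon
    if rdns:
        ptr = rev(addr)
        if ptr:                        # assumption: no PTR -> keep forward name
            name = ptr
    return "host/" + name.rstrip(".").lower()

def compare(host, fwd=forward_lookup, rev=reverse_lookup):
    """Show both outcomes and whether the PTR record changes the principal."""
    with_rdns = host_principal(host, True, fwd, rev)
    without = host_principal(host, False, fwd, rev)
    return {"rdns": with_rdns, "no_rdns": without,
            "mismatch": with_rdns != without}

if __name__ == "__main__":
    # Constructed sample data standing in for DNS, so this runs offline:
    # the forward record is correct, the PTR belongs to the DSL provider.
    def sample_fwd(host):
        return ("server.example.org", "203.0.113.25")

    def sample_rev(addr):
        return "dsl-203-0-113-25.isp.example.net"

    print(compare("server.example.org", sample_fwd, sample_rev))
```

Calling `compare("<hostname>")` with the default resolvers runs the same check against live DNS; a `mismatch` of `True` means the KDC needs a principal for the PTR name unless the reverse lookup is disabled.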
