I wrote a paper for the MIT Kerberos Consortium (kerberos.org) on integrating Kerberos into applications that goes through the DNS issues in reasonable detail. I recommend looking at that. It is somewhat developer rather than administrator focused, but will give you a good understanding. Note that ssh has some explicit options to manipulate what it does about DNS, but most other Kerberos applications do not.
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
