"Mathieu Nantel" <[EMAIL PROTECTED]> writes:
>> Is there no way to tell the GSSAPI to use DNS for it's naming
>> requirements?
>> From what I can tell, GSSAPI is the only shared component between
>> all of these.
Kerberos is also shared, as is the nameservice switch, the resolver,
libc, the TCP stack, etc. In this case, the problem is below GSSAPI.
Kerberos and GSSAPI just calls gethostbyname() and the like, so your
nsswitch.conf is responsible for telling it which to use. It sounds
like you have nsswitch.conf set up properly, but having the same hosts
in both places with inconsistent configuration is asking for trouble.
Does GSSAPI work properly if you remove hosts from nsswitch.conf
completely?
Kerberos and GSSAPI are both very sensitive to name service
configuration. They do not deal well with misconfiguration, which
having differing records in dns and /etc/hosts is. Making them less
sensitive would be difficult. The correct fix is to fix your name
service configuration (either by removing 'hosts' from nsswitch.conf,
or removing the inconsistent records, or forcing the records to be
consistent), not to blame GSSAPI.
Marc
