Hi, I have indeed configured the hosts files with FQDN form first and non-FQDN form second, and it's working out well. I was asking that out of curiosity with regard to why these components were handling name resolution the way they are.
Anyhow, thanks for the fast answers. In article <[EMAIL PROTECTED]>, "Marc Horowitz" <[EMAIL PROTECTED]> wrote: > "Mathieu Nantel" <[EMAIL PROTECTED]> writes: > >>> Is there no way to tell the GSSAPI to use DNS for it's naming >>> requirements? > >>> From what I can tell, GSSAPI is the only shared component between all >>> of these. > > Kerberos is also shared, as is the nameservice switch, the resolver, > libc, the TCP stack, etc. In this case, the problem is below GSSAPI. > > Kerberos and GSSAPI just calls gethostbyname() and the like, so your > nsswitch.conf is responsible for telling it which to use. It sounds > like you have nsswitch.conf set up properly, but having the same hosts > in both places with inconsistent configuration is asking for trouble. > Does GSSAPI work properly if you remove hosts from nsswitch.conf > completely? > > Kerberos and GSSAPI are both very sensitive to name service > configuration. They do not deal well with misconfiguration, which > having differing records in dns and /etc/hosts is. Making them less > sensitive would be difficult. The correct fix is to fix your name > service configuration (either by removing 'hosts' from nsswitch.conf, or > removing the inconsistent records, or forcing the records to be > consistent), not to blame GSSAPI. > > Marc
