I've seen this discussed before, but I'm having some trouble. My situation is that I have sshd behind a NAT. The public IP has an A record from one of my domain names, but I have no control over the PTR record, as this is a cable modem connection, so the ISP controls that. So, the client goes to do a reverse dns lookup on the IP address, and gets the PTR record provided by the ISP, which breaks gssapi-with-mic.
I have tried setting "rdns = false" under [libdefaults] in /etc/krb5.conf on the client, yet this doesn't seem to have had any effect. I'm at a loss as to why. The client is Kerberos 1.6.2 (krb5-libs-1.6.2-9.fc8) on Fedora 8, sshd is on Solaris 10u3 with Kerberos 1.6, and KDC is also Kerberos 1.6. Any pointers to why the rdns setting isn't working are greatly appreciated. -- Andy Cobaugh [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
