Simon Wilkinson wrote:
> >
> > I have created a principal for each of the several names, and placed
> > these principals' keys into the destination server's keytab. However
> > when I try to ssh into this server, GSSAPI auth works only for one of
> > these names, actually the name which is equal to the server's
> > `hostname`.
> > I can even choose which name will work, by changing the server's
> > `hostname`. But only one name at a time will work.
>
> The GSSAPI library is canonicalising the name passed to it, by doing
> a forwards, then a reverse lookup in the DNS to obtain the fully
> qualified hostname of the machine which you are connecting to.

If so, why does the available name depend on the `hostname` setting
without any change in the DNS?

> Recent
> MIT releases provide a means of disabling this canonicalisation, but
> I'm not sure about Heimdal.

Does a ssh client really pass any server name to sshd during GSSAPI
negotiation?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/[EMAIL PROTECTED] http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
