On 03/14/2013 11:25 AM, Yury Sulsky wrote: > This may be just me misunderstanding PTR records, but it looks like the > Kerberos library doesn't support multiple records when checking that a > hostname maps to an ip address that maps back to the same hostname (I think > this check only takes place if the "rdns" option is set).
The sname-to-principal code isn't performing a pass-or-fail check; it's trying to determine the canonical name of a host. So if we considered multiple PTR records or did PTR lookups for multiple addresses, we would have to somehow decide which one to use. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
