> Date: Thu, 4 Apr 2013 14:24:34 -0400
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: RE: openssh/mit kerberos and numeric host address
>
> On Thu, 4 Apr 2013, 王剑 wrote:
>
> >
> > To make sure I don't miss any necessary patch, I git-buildpackage from your
> > modified
> > debian-krb5 repository and test again.
> >
> > The kdc I setup is used as both client and server, using
> >
> > $ ssh -vvv [email protected]
> >
> > RESULTS:
> >
> > Patched glibc package + official kerberos package = no go
> > Official glibc package + patched kerberos package = no go
> >
> > Have you test your package in debian testing latest? My test setup is very
> > simple and it's
> > easy to reproduce.
>
> My testing was only in wheezy.
> The small, easy test for me to do is 'kvno -S host
> ptr-mismatch.kerberos.org', which is improved by my patch. I have not
> tested sshing to a numeric host address nor on debian testing, though
> given your experiences I probably should.
>
> Thanks for the clarification.
>
I think the big difference is I want to use IP address directly, and this is a
rather reasonable
demand when you manage a large cluster and don't want to rely DNS heavily.
In the company I worked before, we setup DNS forward and reverse RR, and
prepare DNS servers
in different IDCs in case that intranet split keep us from login even we have
backup links.
That DNS setup is a huge burden for us.
BTW, why no IP address prefix to realm mapping for mit kerberos?
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
