I have OpenSSH setup and am using gssapi-with-mic to authenticate using my existing Kerberos (MIT) infrastructure.
The problem I'm having is with a machine on a DSL with a dynamic IP such that I don't have control over the DNS PTR record. When I try and connect to that server the GSSAPI functionality in the SSH client tries to obtain a Kerberos host key for the actual reverse hostname (as noted in the KDC logs) which is not what I requested and of course fails. An example for clarification - I try to ssh to box1.example.com and expect to obtain a Kerberos hostkey for host/[EMAIL PROTECTED], but instead try to get tickets for host/[EMAIL PROTECTED] which fail, so the gssapi-with-mic mechanism fails. As an additional note, I tried putting the relevant entry in /etc/hosts and everything went exactly as expected. It is obvious that there is a verification mechanism in place to do the reverse lookup and obtain a service ticket for that host, but in this instance I need to be able to disable that reverse lookup. Where can I do this? I'm not entirely sure what level does the initial request, but any guidance would be appreciated. Thanks, Joel Johnson
