* Carlos Gunners: > When I try to connect a java app (tomcat8 container, openjdk-7-jre v 7u101, > debian jessie) to this ldap service via GSSAPI/kerberos using a keytab for > auth, it repeatedly fails .. initially failing to find the service > principal in kerberos via its non-canonical hostname (meaning that the java > app totally ignores rdns setting, and thus does no reverse dns check before > trying to obtain a ticket).
Would be a service principal selection based on reverse DNS even secure?
