[28807] in Kerberos
Disabling reverse dns lookups
daemon@ATHENA.MIT.EDU (Andrew Cobaugh)
Thu Nov 29 02:57:21 2007
Message-ID: <1b8d56200711282356n5fbb00d3q86dd0237196169d9@mail.gmail.com>
Date: Thu, 29 Nov 2007 02:56:58 -0500
From: "Andrew Cobaugh" <phalenor@gmail.com>
To: kerberos@mit.edu

I've seen this discussed before, but I'm having some trouble.

My situation is that I have sshd behind a NAT. The public IP has an A
record from one of my domain names, but I have no control over the PTR
record, as this is a cable modem connection, so the ISP controls that.
So, the client goes to do a reverse dns lookup on the IP address, and
gets the PTR record provided by the ISP, which breaks gssapi-with-mic.

I have tried setting "rdns = false" under [libdefaults] in
/etc/krb5.conf on the client, yet this doesn't seem to have had any
effect. I'm at a loss as to why.

The client is Kerberos 1.6.2 (krb5-libs-1.6.2-9.fc8) on Fedora 8, sshd
is on Solaris 10u3 with Kerberos 1.6, and KDC is also Kerberos 1.6.

Any pointers to why the rdns setting isn't working are greatly appreciated.

--
Andy Cobaugh
phalenor@gmail.com
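
The effect described in the message above, as an added example that is not part of the original post: a simplified Python model of the hostname canonicalization that the `rdns` setting controls when a client builds a host service principal. The realm is passed in rather than derived from the hostname, and the hostnames, address and realm in the sample data are constructed.

```python
import socket


def _forward(host):
    # System resolver: canonical name and first address for host.
    info = socket.getaddrinfo(host, None, flags=socket.AI_CANONNAME)
    return info[0][3] or host, info[0][4][0]


def _reverse(addr):
    # System resolver: PTR name for addr, or None when no PTR exists.
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None


def host_principal(host, realm, rdns, forward=_forward, reverse=_reverse):
    """Model the service principal a client would request for `host`."""
    name, addr = forward(host)
    if rdns:
        # The PTR name replaces the forward name; keep the forward
        # name when the reverse lookup returns nothing.
        name = reverse(addr) or name
    return "host/%s@%s" % (name.rstrip(".").lower(), realm)


def compare(host, realm, forward=_forward, reverse=_reverse):
    """Return the principal for both settings and whether they differ."""
    off = host_principal(host, realm, False, forward, reverse)
    on = host_principal(host, realm, True, forward, reverse)
    return {"rdns=false": off, "rdns=true": on, "ptr_changes_name": off != on}


# Constructed sample data: documentation address, made-up names.
SAMPLE_A = {"ssh.example.org": ("ssh.example.org", "203.0.113.10")}
SAMPLE_PTR = {"203.0.113.10": "c-203-0-113-10.cable.isp.example."}


def sample_forward(host):
    return SAMPLE_A[host]


def sample_reverse(addr):
    return SAMPLE_PTR.get(addr)


if __name__ == "__main__":
    result = compare("ssh.example.org", "EXAMPLE.ORG", sample_forward, sample_reverse)
    for key, value in result.items():
        print(key, value)
```

Calling `compare()` with only a hostname and realm uses the system resolver instead of the sample tables; a keytab on the server that holds only the forward-name principal will not match the `rdns=true` result when `ptr_changes_name` is true.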