[32982] in Kerberos


Re: ssh to IP literal

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Dec 22 23:43:50 2010

From: Greg Hudson <ghudson@mit.edu>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
In-Reply-To: <iersul$12oc$1@relay.tomsk.ru>
Date: Wed, 22 Dec 2010 23:43:42 -0500
Message-ID: <1293079422.3219.113.camel@ray>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

On Tue, 2010-12-21 at 22:57 -0500, Victor Sudakov wrote:
> This setting must be specific to MIT Kerberos, I don't see it in Heimdal.

Whoops, sorry, in your initial message you said you were using Heimdal,
but I missed it.

Heimdal appears to perform a forward canonicalization but never a
reverse lookup, so it behaves kind of similarly to how we do when rdns
is set to false.

> You probably mean gethostname(), not gethostbyname()?

Correct.

> But earlier you said that DNS-canonicalization of the gethostname() is
> used. If we have no DNS, who will canonicalize the hostname?

That's shorthand because so many installations use DNS for hostname
resolution.  Heimdal uses getaddrinfo() for its canonicalization step,
and falls back to the raw hostname if that fails.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
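
Added example, not part of the message above and not Heimdal or MIT source: a C illustration of the hostname step the message describes, forward canonicalization through getaddrinfo() with fallback to the raw name, plus an optional reverse lookup to contrast with the rdns setting. The helper name canon_host, its signature and the sample inputs are assumptions of this example. With rdns off, an IP literal stays an IP literal.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (name and signature are this example's own).
 * Forward-canonicalizes `host` with getaddrinfo(AI_CANONNAME) and keeps
 * the raw name if that fails. When `rdns` is nonzero it also attempts a
 * reverse lookup of the first address, the step the message says Heimdal
 * never performs. Returns 0 on success, -1 if `out` is too small. */
int canon_host(const char *host, int rdns, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    char rev[1025];
    const char *name = host;              /* fallback: raw hostname */
    int rc = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME;        /* forward canonicalization */

    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        res = NULL;                       /* resolution failed: keep raw */
    if (res != NULL && res->ai_canonname != NULL)
        name = res->ai_canonname;
    if (res != NULL && rdns &&
        getnameinfo(res->ai_addr, res->ai_addrlen, rev, sizeof rev,
                    NULL, 0, NI_NAMEREQD) == 0)
        name = rev;                       /* reverse (PTR) result wins */

    if (strlen(name) < outlen) {
        strcpy(out, name);
        rc = 0;
    }
    if (res != NULL)
        freeaddrinfo(res);
    return rc;
}

int main(void)
{
    /* Constructed inputs: an RFC 5737 documentation address and a name
     * under the reserved .invalid TLD, which cannot resolve. */
    const char *samples[] = { "192.0.2.1", "no-such-host.invalid" };
    char buf[1025];
    for (size_t i = 0; i < 2; i++)
        if (canon_host(samples[i], 0, buf, sizeof buf) == 0)
            printf("%s -> %s\n", samples[i], buf);
    return 0;
}
```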
