[Bug 1008] GSSAPI authentication failes with Round Robin DNS hosts

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Aug 19 08:28:06 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1008


simon at sxw.org.uk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simon at sxw.org.uk




------- Comment #5 from simon at sxw.org.uk  2006-08-19 08:28 -------
There isn't an easy fix for this, at least with today's GSSAPI
libraries. Most of these 
use the DNS to canonicalize the hostname passed into them - so there's
no way of stopping
them from resolving it a different way from OpenSSH.

Perversely, the only way to fix this is to pass the canonicalized name
into the GSSAPI library,
rather than the one supplied by the user. Generally, this is a bad
idea, but it's the only
way to fix this problem. I've got a patch which does this dependent on
a configuration variable,
if it would be likely to be considered for inclusion.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list