Re: Kerberos 5 and DNS aliases
Simon Wilkinson wrote:[color=blue][color=green]
>> If so, why does the available name depend on the `hostname` setting without any change in the DNS?
> Because the server picks the acceptor principal to use for incoming connections by resolving the machine's hostname. You can disable this behaviour, and permit any principal whose key is in the default keytab by using a recent version, and setting GSSAPIStrictAcceptorCheck to 'no'
This appears to be only supported through your patch
([url]http://www.sxw.org.uk/computing/patches/openssh.html[/url]). Are there plans
for including this option in mainline openssh soon?