I have OpenSSH setup and am using gssapi-with-mic to authenticate using my
existing Kerberos (MIT) infrastructure.

The problem I'm having is with a machine on a DSL with a dynamic IP such
that I don't have control over the DNS PTR record. When I try and connect to
that server the GSSAPI functionality in the SSH client tries to obtain a
Kerberos host key for the actual reverse hostname (as noted in the KDC logs)
which is not what I requested and of course fails. An example for
clarification - I try to ssh to box1.example.com and expect to obtain a
Kerberos hostkey for host/box1.example.com@EXAMPLE.COM, but instead try to
get tickets for host/QWEST.NET@EXAMPLE.COM which fail, so the
gssapi-with-mic mechanism fails.

As an additional note, I tried putting the relevant entry in /etc/hosts and
everything went exactly as expected. It is obvious that there is a
verification mechanism in place to do the reverse lookup and obtain a
service ticket for that host, but in this instance I need to be able to
disable that reverse lookup. Where can I do this? I'm not entirely sure what
level does the initial request, but any guidance would be appreciated.

Joel Johnson