On 17 Sep 2007, at 03:57, Joel Johnson wrote:

> When I try and connect to
> that server the GSSAPI functionality in the SSH client tries to
> obtain a
> Kerberos host key for the actual reverse hostname (as noted in the
> KDC logs)
> which is not what I requested and of course fails.


This name canonicalisation step is being performed by the GSSAPI
library you are linking against. This behaviour was mandated by
RFC1964, but has since been deprecated by the more recent Kerberos
revisions. Some libraries may offer the ability to disable
canonicalisation, but that will be controlled as part of your
Kerberos configuration, rather than in the OpenSSH code.

Simon.