disable reverse lookup for GSSAPI

Dan White dwhite at olp.net
Tue Jul 1 13:32:34 EDT 2014


On 07/01/14 13:02 +0200, Lars Hanke wrote:
>I try to access my samba4 AD DC using Kerberos authentication. The 
>following command works nicely on the DC itself, given that 
>Administrator has a ticket. But it fails on the client machine:
>
>root at samba4:/# host samba
>samba.ad.microsult.de has address 172.16.6.240
>root at samba4:/# host samba.ad.microsult.de
>samba.ad.microsult.de has address 172.16.6.240
>root at samba4:/# host samba.uac.microsult.de
>samba.uac.microsult.de has address 172.16.6.240
>root at samba4:/# host 172.16.6.240
>240.6.16.172.in-addr.arpa domain name pointer samba.uac.microsult.de.
>
>Is there any way to stop GSSAPI from the reverse lookup?
>
>I use the MIT flavor libraries. Is it probably better using Heimdal?

See:

http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html

The rdns and dns_canonicalize_hostname options should control dns lookups.

-- 
Dan White


More information about the Cyrus-sasl mailing list