Re: disable reverse lookup for GSSAPI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/01/14 13:02 +0200, Lars Hanke wrote:
I try to access my samba4 AD DC using Kerberos authentication. The following command works nicely on the DC itself, given that Administrator has a ticket. But it fails on the client machine: 

root@samba4:/# host samba
samba.ad.microsult.de has address 172.16.6.240
root@samba4:/# host samba.ad.microsult.de
samba.ad.microsult.de has address 172.16.6.240
root@samba4:/# host samba.uac.microsult.de
samba.uac.microsult.de has address 172.16.6.240
root@samba4:/# host 172.16.6.240
240.6.16.172.in-addr.arpa domain name pointer samba.uac.microsult.de.

Is there any way to stop GSSAPI from the reverse lookup?

I use the MIT flavor libraries. Is it probably better using Heimdal?


See:

http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html

The rdns and dns_canonicalize_hostname options should control dns lookups.

--
Dan White
[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux