From owner-freebsd-questions Sat Mar 3 6:30:27 2001 Delivered-To: freebsd-questions@freebsd.org Received: from anchor-post-30.mail.demon.net (anchor-post-30.mail.demon.net [194.217.242.88]) by hub.freebsd.org (Postfix) with ESMTP id 5AEBF37B71B for ; Sat, 3 Mar 2001 06:30:25 -0800 (PST) (envelope-from njh@kernighan.demon.co.uk) Received: from kernighan.demon.co.uk ([194.222.151.76] helo=homebrew.localdomain) by anchor-post-30.mail.demon.net with esmtp (Exim 2.12 #1) id 14ZD3A-000Pde-0U for freebsd-questions@freebsd.org; Sat, 3 Mar 2001 14:30:24 +0000 Received: from localhost (njh@localhost) by homebrew.localdomain (8.11.1/8.11.0) with ESMTP id f23ETtb00395 for ; Sat, 3 Mar 2001 14:30:22 GMT (envelope-from njh@kernighan.demon.co.uk) Date: Sat, 3 Mar 2001 14:29:54 +0000 (GMT) From: Neil Hoggarth X-X-Sender: To: Subject: OpenSSH in 4.2-RELEASE and Kerberos Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG When making an ssh connection between two machines running FreeBSD 4.2-RELEASE on my internal LAN, using the OpenSSH incorporated into FreeBSD, I find that both client and server generate DNS queries for hostnames containing variations of "kerberos", "_kerberos" and "krb5-realm". These are an annoyance, as they trigger my dial-on-demand PPP link (and produce an associated delay while the link comes up and the names fail to resolve). I don't use any kerberos stuff, and haven't knowingly configured anything relating to it. The ssh and sshd man pages document various command line and config file options for suppressing Kerberos authentication and ticket passing, but the ssh and sshd binaries don't seem to recognise these. Is there anyway I can supress kerberos activity in ssh/sshd, or configure the kerberos libraries not to generate DNS query traffic? Regards, Neil Hoggarth. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message