
>>>>> "Josh" == Josh Howlett <[log in to unmask]> writes:

    >> 
    >> The issue is that when the server queries its own hostname

    Josh> So we recommend that people don't do that. Unix NSS defaults
    Josh> to local configuration, no?

Hmm.
You still run into the DHCP problem.
/etc/resolv.conf gets overridden by your visited dhcp.
So now I'm querying myhost.hsd1.ma.comcast.net or whatever rather than
myhostname.painless-security.com.

It may be our best option, but it feels sad to go down that route given
how much we've been struggling to find a better answer in Kerberos land.
For Kerberos, we're moving to accepting any key in the local keytab with
the right service.
Unfortunately, we don't have anything like that that serves as a list of
local aliases.