"Joel Johnson" mrjoel@lixil.net writes:
A deficiency of the previous patch [1] appears to be that the option is not configurable, so I have created a related patch [2] (currently against 2.4.8, not quite HEAD) to add a runtime configuration option to select whether or not the name canonicalization should be performed. It defaults to true, the current behavior. The patch is still in progress, but has the functionality and provides an illustration of my approach. The following are known issues that will be addressed:
For what it's worth, this approach (making canonicalization configurable and defaulting to on) is the same approach that's been taken by GSSAPI implementers. (By setting rdns = false in [libdefaults] for MIT Kerberos, for example.)