deprecate VerifyReverseMapping since it's dangerous if combined

with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index f8b4ae85202..bbc7d8a4df0 100644
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-hostbased.c,v 1.3 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth2-hostbased.c,v 1.4 2003/06/02 09:17:34 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -136,7 +136,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 	HostStatus host_status;
 	int len;
 
-	resolvedname = get_canonical_hostname(options.verify_reverse_mapping);
+	resolvedname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
 
 	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",