GSSAPI-authenticated connection to DNS load-balanced
cluster node where each node has uniq host name.
A client cannot authenticate.
GSSAPI CVS server has been modified to search for any
Kerberos key that matches `cvs' service and any
CVS server can authenticate clients using GSSAPI even if
server's hostname does not match domain name, and thus
Kerberos principal host name part, common for all cluster
nodes. CVS server administrators are advised to deploy
two Kerberos principals to each node---a principal
matching the node's hostname, and a principal matching
cluster's domain name.