[Freeipa-users] Single Sign On (SSO) SSH via IP Address

Hello FreeIPA Community, I am using FreeIPA version 4.4.0 on CentOS Linux 7.3.1611. Via FreeIPA's use of Kerberos, I have no problem SSHing among hosts in a passwordless manner (Single Sign On (SSO)) as long as I use their hostnames. Example relevant output from the SSH client verbose mode is: my-user(a)host-1.example.com$ ssh -v host-2.example.com ... debug1: Authentication succeeded (gssapi-with-mic). ... my-user(a)host-2.example.com$ However, if I try to SSH to the same host using its (fixed) IP address rather than its hostname, SSO does not succeed as an authentication method, and the client falls back to keyboard-interactive, prompting me for a password, as can be seen here: my-user(a)host-1.example.com$ ssh -v 10.10.10.5 ... debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Server host/10.10.10.5(a)EXAMPLE.COM not found in Kerberos database debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive Password: We have in-house code that performs remote command execution via SSH. We've made sure our code always uses hostnames to avoid this problem. (Being prompted for a password kills the automation we're trying to achieve.) We also use some external code (over which we have no control and are not permitted to modify), and that code also performs remote command execution via SSH. Unfortunately, however, it does so using an *IP address*, rather than a hostname, as a destination. For this reason, we need FreeIPA's SSO SSH capability to work when SSHing to a host via that host's IP address. Is this possible and, if so, how would it be accomplished? Thanks, Dave