r22635: make it possible to not turn off dns canonicalization of hostnames

with krb5:set_dns_canonicalize=yes

needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...

metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)

2 files changed, 3 insertions, 2 deletions

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 82a79e1945..86e988e4cb 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -218,7 +218,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 	}
 
 	/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
-	ret = gsskrb5_set_dns_canonicalize(FALSE);
+	ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
 	if (ret) {
 		DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
 		talloc_free(gensec_gssapi_state);
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index b78f6ef94e..e3a8479277 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -473,7 +473,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 
 	/* Set options in kerberos */
 
-	krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, FALSE);
+	krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
+					   lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
 
 	return 0;
 }