s4:gensec Use a different form of 'name' in GSSAPI import_name()

The idea here is to make it not dependent on the system's default
realm.

Andrew Bartlett

1 files changed, 3 insertions, 3 deletions

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index fe9aaa3b90..9e974cb941 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 	if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
 		name_type = GSS_C_NULL_OID;
 	} else {
-		principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", 
+		principal = talloc_asprintf(gensec_gssapi_state, "%s/%s@%s",
 					    gensec_get_target_service(gensec_security), 
-					    hostname);
+					    hostname, lp_realm(gensec_security->settings->lp_ctx));
 
-		name_type = GSS_C_NT_HOSTBASED_SERVICE;
+		name_type = GSS_C_NT_USER_NAME;
 	}		
 	name_token.value  = discard_const_p(uint8_t, principal);
 	name_token.length = strlen(principal);