summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/gensec_gssapi.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 69f219fe07..c462cf0ecd 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -229,8 +229,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
krb5_error_code ret;
NTSTATUS nt_status;
gss_buffer_desc name_token;
+ gss_OID name_type;
OM_uint32 maj_stat, min_stat;
const char *hostname = gensec_get_target_hostname(gensec_security);
+ const char *principal;
if (!hostname) {
DEBUG(1, ("Could not determine hostname for target computer, cannot use kerberos\n"));
@@ -248,14 +250,22 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
gensec_gssapi_state = gensec_security->private_data;
- name_token.value = talloc_asprintf(gensec_gssapi_state, "%s@%s",
- gensec_get_target_service(gensec_security),
- hostname);
- name_token.length = strlen(name_token.value);
+ principal = gensec_get_target_principal(gensec_security);
+ if (principal && lp_client_use_spnego_principal()) {
+ name_token.value = gensec_get_target_principal(gensec_security);
+ name_token.length = strlen(name_token.value);
+ name_type = GSS_C_NULL_OID;
+ } else {
+ name_token.value = talloc_asprintf(gensec_gssapi_state, "%s@%s",
+ gensec_get_target_service(gensec_security),
+ hostname);
+ name_token.length = strlen(name_token.value);
+ name_type = GSS_C_NT_HOSTBASED_SERVICE;
+ }
maj_stat = gss_import_name (&min_stat,
&name_token,
- GSS_C_NT_HOSTBASED_SERVICE,
+ name_type,
&gensec_gssapi_state->server_name);
if (maj_stat) {
DEBUG(2, ("GSS Import name of %s failed: %s\n",
generated by cgit (git 2.34.1) at 2024-10-28 17:56:14 +0000