From dacdfbc98ccb533626058745f4aacef0b0b36286 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 8 Jun 2005 14:57:37 +0000
Subject: r7398: commiting abartlet's patch for kerberos authentication when
 using a keytab and security != ads (This used to be commit
 3faaa5c3eb3b2057984586e069a47cb210c99140)

---
 source3/smbd/negprot.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'source3/smbd/negprot.c')

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 054afac683..d4f0167a5f 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -178,7 +178,6 @@ static int negprot_spnego(char *p)
 				   OID_NTLMSSP,
 				   NULL};
 	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
-	char *principal;
 	int len;
 
 	global_spnego_negotiated = True;
@@ -211,12 +210,16 @@ static int negprot_spnego(char *p)
 		return 16;
 	}
 #endif
-	if (lp_security() != SEC_ADS) {
+	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
 		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
 	} else {
-		asprintf(&principal, "%s$@%s", guid, lp_realm());
-		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
-		free(principal);
+		fstring myname;
+		char *host_princ_s = NULL;
+		name_to_fqdn(myname, global_myname());
+		strlower_m(myname);
+		asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm());
+		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
+		SAFE_FREE(host_princ_s);
 	}
 	memcpy(p, blob.data, blob.length);
 	len = blob.length;
-- 
cgit