From 798398950864fd780b7b70f80cce2b2e73aa0349 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 2 May 2007 09:54:06 +0000 Subject: r22635: make it possible to not turn off dns canonicalization of hostnames with krb5:set_dns_canonicalize=yes needed for the drsuapi replication, but we should fix this with a kdc locator plugin ... metze (This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5) --- source4/auth/gensec/gensec_gssapi.c | 2 +- source4/auth/kerberos/krb5_init_context.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/auth') diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 82a79e1945..86e988e4cb 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -218,7 +218,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) } /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ - ret = gsskrb5_set_dns_canonicalize(FALSE); + ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false)); if (ret) { DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n")); talloc_free(gensec_gssapi_state); diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index b78f6ef94e..e3a8479277 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -473,7 +473,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, /* Set options in kerberos */ - krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, FALSE); + krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, + lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false)); return 0; } -- cgit