From 1ae9044b8e2347a0c8c948a65a22fae6ec1ef385 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 20 Apr 2010 15:00:50 +1000 Subject: s4:gensec Use a different form of 'name' in GSSAPI import_name() The idea here is to make it not dependent on the system's default realm. Andrew Bartlett --- source4/auth/gensec/gensec_gssapi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index fe9aaa3b90..9e974cb941 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { name_type = GSS_C_NULL_OID; } else { - principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", + principal = talloc_asprintf(gensec_gssapi_state, "%s/%s@%s", gensec_get_target_service(gensec_security), - hostname); + hostname, lp_realm(gensec_security->settings->lp_ctx)); - name_type = GSS_C_NT_HOSTBASED_SERVICE; + name_type = GSS_C_NT_USER_NAME; } name_token.value = discard_const_p(uint8_t, principal); name_token.length = strlen(principal); -- cgit