r22635: make it possible to not turn off dns canonicalization of hostnames

with krb5:set_dns_canonicalize=yes

needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...

metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 82a79e1945fffa7be6e5cebb86de1260d60378fe..86e988e4cbfdef080a11f7910fd5595c76562ff2 100644 (file)
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -218,7 +218,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
        }
 
        /* don't do DNS lookups of any kind, it might/will fail for a netbios name */
-       ret = gsskrb5_set_dns_canonicalize(FALSE);
+       ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
        if (ret) {
                DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
                talloc_free(gensec_gssapi_state);

diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index b78f6ef94e04151b95b044c5a225a5abda1308bb..e3a84792771bf14ca57a219d0b43b1e6eaed5697 100644 (file)
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -473,7 +473,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 
        /* Set options in kerberos */
 
-       krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, FALSE);
+       krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
+                                          lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
 
        return 0;
 }