s4:gensec Use a different form of 'name' in GSSAPI import_name()

The idea here is to make it not dependent on the system's default
realm.

Andrew Bartlett

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index fe9aaa3b90f5901c3fbe7a2a3296cda9715126b4..9e974cb941e9f5f5a67e882fed7905f557b94642 100644 (file)
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
        if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
                name_type = GSS_C_NULL_OID;
        } else {
-               principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", 
+               principal = talloc_asprintf(gensec_gssapi_state, "%s/%s@%s",
                                            gensec_get_target_service(gensec_security), 
-                                           hostname);
+                                           hostname, lp_realm(gensec_security->settings->lp_ctx));
 
-               name_type = GSS_C_NT_HOSTBASED_SERVICE;
+               name_type = GSS_C_NT_USER_NAME;
        }               
        name_token.value  = discard_const_p(uint8_t, principal);
        name_token.length = strlen(principal);