HiAll,
I have a patch to utils/gssd/krb5_util.c that enables kerberized NFS
mounts to succeed even if the principal is not <HOSTNAME>$.
It works by reading another principal name from the [appdefaults]
section of krb5.conf:
[appdefaults]
nfs = {
ad_principal_name = 129.125.39.115$
}
Patch is attached. Would you please incorporate it in the source if you
find it useful?
Sorry if I'm asking in the wrong place.
Best Regards
Jurjen
--- utils/gssd/krb5_util.c.orig 2014-08-06 10:54:18.806414170 +0200
+++ utils/gssd/krb5_util.c 2014-08-06 11:01:21.016320365 +0200
@@ -801,7 +801,8 @@
char *k5err = NULL;
int tried_all = 0, tried_default = 0;
krb5_principal princ;
-
+ const char *notsetstr = "not set";
+ char *adhostoverride;
/* Get full target hostname */
retval = get_full_hostname(tgtname, targethostname,
@@ -818,11 +819,18 @@
}
/* Compute the active directory machine name HOST$ */
- strcpy(myhostad, myhostname);
- for (i = 0; myhostad[i] != 0; ++i)
- myhostad[i] = toupper(myhostad[i]);
- myhostad[i] = '$';
- myhostad[i+1] = 0;
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name", notsetstr, &adhostoverride);
+ if (strcmp(adhostoverride, notsetstr) != 0) {
+ printerr (0, "AD host string overridden with \"%s\" from appdefaults\n", adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
+ } else {
+ strcpy(myhostad, myhostname);
+ for (i = 0; myhostad[i] != 0; ++i)
+ myhostad[i] = toupper(myhostad[i]);
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
+ }
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
if (retval)
