diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 5fde091..990111d 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -801,8 +801,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
char *default_realm = NULL;
char *realm;
char *k5err = NULL;
- int tried_all = 0, tried_default = 0;
+ int tried_all = 0, tried_default = 0, tried_upper = 0;
krb5_principal princ;
+ const char *notsetstr = "not set";
+ char *adhostoverride;
/* Get full target hostname */
@@ -820,13 +822,23 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
}
/* Compute the active directory machine name HOST$ */
- strcpy(myhostad, myhostname);
- for (i = 0; myhostad[i] != 0; ++i) {
- if (myhostad[i] == '.') break;
- myhostad[i] = toupper(myhostad[i]);
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
+ notsetstr, &adhostoverride);
+ if (strcmp(adhostoverride, notsetstr) != 0) {
+ printerr (1,
+ "AD host string overridden with \"%s\" from appdefaults\n",
+ adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
+ free(adhostoverride);
+ } else {
+ strcpy(myhostad, myhostname);
+ for (i = 0; myhostad[i] != 0; ++i) {
+ if (myhostad[i] == '.') break;
+ }
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
}
- myhostad[i] = '$';
- myhostad[i+1] = 0;
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
if (retval) {
@@ -923,6 +935,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
k5err = gssd_k5_err_msg(context, code);
printerr(3, "%s while getting keytab entry for '%s'\n",
k5err, spn);
+ /*
+ * We tried the active directory machine account
+ * with the hostname part as-is and failed...
+ * convert it to uppercase and try again before
+ * moving on to the svcname
+ */
+ if (strcmp(svcnames[j],"$") == 0 && !tried_upper) {
+ for (i = 0; myhostad[i] != '$'; ++i) {
+ myhostad[i] = toupper(myhostad[i]);
+ }
+ j--;
+ tried_upper = 1;
+ }
} else {
printerr(3, "Success getting keytab entry for '%s'\n",spn);
retval = 0;