Added support for gssapi_hostname=$ALL for multihomed hosts.

Patch by Jason Gunthorpe.

--HG--
branch : HEAD

diff --git a/dovecot-example.conf b/dovecot-example.conf
index 4c49e701820e1f4c64e3c0736a99e8a2470c2487..6910ca1ecbe2cb06b4cea52a0ddbf3b99f2d9443 100644 (file)
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -779,7 +779,7 @@ protocol lda {
 #auth_worker_max_request_count = 0
 
 # Host name to use in GSSAPI principal names. The default is to use the
-# name returned by gethostname().
+# name returned by gethostname(). Use "$ALL" to allow all keytab entries.
 #auth_gssapi_hostname =
 
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 

diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index 3f570a15f31cc3454bcc714f78bdadae2a79a7ca..1817d47df766217ebdd23050af443414b385ccf7 100644 (file)
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -139,6 +139,13 @@ static OM_uint32 obtain_service_credentials(struct auth_request *request,
        gss_name_t gss_principal;
        const char *service_name;
 
+       if (strcmp(request->auth->gssapi_hostname, "$ALL") == 0) {
+               auth_request_log_info(request, "gssapi",
+                                     "Using all keytab entries");
+               *ret = GSS_C_NO_CREDENTIAL;
+               return GSS_S_COMPLETE;
+       }
+
        if (strcasecmp(request->service, "POP3") == 0) {
                /* The standard POP3 service name with GSSAPI is called
                   just "pop". */