From: Timo Sirainen <tss@iki.fi>
Date: Wed, 13 Aug 2008 18:59:10 +0000 (-0400)
Subject: Added support for gssapi_hostname=$ALL for multihomed hosts.
X-Git-Tag: 1.2.alpha1~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bde5b40c4fcc20e812a7caff9c0ed55e7090ced9;p=thirdparty%2Fdovecot%2Fcore.git

Added support for gssapi_hostname=$ALL for multihomed hosts.
Patch by Jason Gunthorpe.

--HG--
branch : HEAD
---

diff --git a/dovecot-example.conf b/dovecot-example.conf
index 4c49e70182..6910ca1ecb 100644
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -779,7 +779,7 @@ protocol lda {
 #auth_worker_max_request_count = 0
 
 # Host name to use in GSSAPI principal names. The default is to use the
-# name returned by gethostname().
+# name returned by gethostname(). Use "$ALL" to allow all keytab entries.
 #auth_gssapi_hostname =
 
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 
diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index 3f570a15f3..1817d47df7 100644
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -139,6 +139,13 @@ static OM_uint32 obtain_service_credentials(struct auth_request *request,
 	gss_name_t gss_principal;
 	const char *service_name;
 
+	if (strcmp(request->auth->gssapi_hostname, "$ALL") == 0) {
+		auth_request_log_info(request, "gssapi",
+				      "Using all keytab entries");
+		*ret = GSS_C_NO_CREDENTIAL;
+		return GSS_S_COMPLETE;
+	}
+
 	if (strcasecmp(request->service, "POP3") == 0) {
 		/* The standard POP3 service name with GSSAPI is called
 		   just "pop". */