From 62636bd878ced770058109f0aeb981ccba3b1aff Mon Sep 17 00:00:00 2001
From: William Brown <firstyear@redhat.com>
Date: Tue, 12 Apr 2016 08:05:25 +1000
Subject: [PATCH] Ticket 48790 - gssapi should accept different realm names

Bug Description:  rest389 had a hardcoded realm name. This fixes the behaviour
to allow the kdc to select a realm name.

Fix Description:  Remove the hardcoded realm, gssapi will automatically populate
one.

https://fedorahosted.org/389/ticket/48790

Author: wibrown

Review by: ???
---
 rest389/Authentication.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/rest389/Authentication.py b/rest389/Authentication.py
index f0bca0a..30e0e38 100644
--- a/rest389/Authentication.py
+++ b/rest389/Authentication.py
@@ -64,10 +64,8 @@ def getConnection(binddn='', password='', saslmethod=None):
 
 
 def _negotiate_start(req):
-    # We need a better way to specify the keytab.
-    # configuration file perhaps ....
-    # is there a way to determine the realm easily ... ?
-    svc_princ = gssnames.Name('HTTP/%s@EXAMPLE.COM' % (socket.gethostname()))
+    # We don't need to specify the realm name, gssapi works it out for us.
+    svc_princ = gssnames.Name('HTTP/%s' % (socket.gethostname()))
     server_creds = gsscreds.Credentials(usage='accept', name=svc_princ)
     context = gssctx.SecurityContext(creds=server_creds)
 
-- 
2.5.5