- all_principals_unkown = 1;
- realms = conf->krb_auth_realms;
- do {
- if (realms && (code = krb5_set_default_realm(kcontext,
- ap_getword_white(r->pool, &realms)))){
+ if (conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL)
+ ret = krb5_parse_name (kcontext, conf->krb_service_name, &server);
+ else
+ ret = krb5_sname_to_principal(kcontext, ap_get_server_name(r),
+ (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
+ KRB5_NT_SRV_HST, &server);
+
+ if (ret) {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Error parsing server name (%s): %s",
+ (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
+ krb5_get_err_text(kcontext, ret));
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+
+ code = krb5_unparse_name(kcontext, server, &name);
+ if (code) {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "krb5_unparse_name() failed: %s",
+ krb5_get_err_text(kcontext, code));
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Using %s as server principal for password verification", name);
+ free(name);
+ name = NULL;
+
+ p = strchr(sent_name, '@');
+ if (p) {
+ *p++ = '\0';
+ if (conf->krb_auth_realms && !ap_find_token(r->pool, conf->krb_auth_realms, p)) {