Use host/ as spn prefix.
tmds committed Jul 31, 2024
1 parent eff9e3e commit 5ef2ed0
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/Tmds.Ssh/KerberosCredential.cs
@@ -37,7 +37,7 @@ public sealed class KerberosCredential : Credential
/// </remarks>
/// <param name="credential">The credentials to use for the Kerberos authentication exchange. Set to null to use a cached ticket.</param>
/// <param name="delegateCredential">Allows the SSH server to delegate the user on remote systems.</param>
/// <param name="targetName">Override the service principal name (SPN), default uses <c>host@<SshClientSettings.HostName></c>.</param>
/// <param name="targetName">Override the service principal name (SPN), default uses <c>host/<SshClientSettings.HostName></c>.</param>
public KerberosCredential(NetworkCredential? credential = null, bool delegateCredential = false, string? targetName = null)
{
if (!string.IsNullOrWhiteSpace(credential?.UserName))
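Review bot: The rewritten `targetName` doc line still puts `<SshClientSettings.HostName>` inside `<c>` as a raw angle-bracket tag, which (as rendered here) is malformed XML for the doc compiler, and it describes only the default rather than the form an override has to take. I would write `/// <param name="targetName">Override the service principal name (SPN), given in <c>service/host</c> form; the default is <c>host/&lt;SshClientSettings.HostName&gt;</c>.</param>`. Stating the expected form matters because the name identifies the service the client authenticates to, and the same constructor can enable `delegateCredential`. The constructor body continues outside the hunk.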
2 changes: 1 addition & 1 deletion src/Tmds.Ssh/SshClientSettings.SshConfig.cs
@@ -130,7 +130,7 @@ private static IReadOnlyList<Credential> DetermineCredentials(SshConfig config)
if (addGssApiCredentials)
{
bool delegateCredential = config.GssApiDelegateCredentials ?? false;
string? targetName = !string.IsNullOrEmpty(config.GssApiServerIdentity) ? $"host@{config.GssApiServerIdentity}" : null;
string? targetName = !string.IsNullOrEmpty(config.GssApiServerIdentity) ? $"host/{config.GssApiServerIdentity}" : null;
credentials.Add(new KerberosCredential(credential: null, delegateCredential, targetName));

addGssApiCredentials = false;
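Review bot: `config.GssApiServerIdentity` is interpolated into the SPN after only an `IsNullOrEmpty` check, so a whitespace-only value, or one that already carries a service prefix, produces a malformed target name (a constructed example: `host/host/server`). Because this string names the service principal the client authenticates to, and `delegateCredential` may be set on the same credential, I would guard with `string.IsNullOrWhiteSpace(config.GssApiServerIdentity)` as the `KerberosCredential` constructor does for the user name, and reject values containing `/` or `@`. The `host/` literal is now repeated here and in `UserAuthentication.GssApiAuth.cs`; a shared constant would keep the two in step. `DetermineCredentials` starts and ends outside the hunk.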
2 changes: 1 addition & 1 deletion src/Tmds.Ssh/UserAuthentication.GssApiAuth.cs
@@ -29,7 +29,7 @@ public static async Task<bool> TryAuthenticate(KerberosCredential credential, Us

// RFC uses hostbased SPN format "service@host" but Windows SSPI needs the service/host format.
// .NET converts this format to the hostbased format expected by GSSAPI for us.
string targetName = !string.IsNullOrEmpty(credential.TargetName) ? credential.TargetName : $"host@{connectionInfo.HostName}";
string targetName = !string.IsNullOrEmpty(credential.TargetName) ? credential.TargetName : $"host/{connectionInfo.HostName}";
NetworkCredential networkCredential = credential.NetworkCredential ?? CredentialCache.DefaultNetworkCredentials;

// The SSH messages must have a username value which maps to the target user we want to login as. We use the
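Review bot: A caller-supplied `credential.TargetName` is still passed through unchanged on the new `targetName` line, so an override written in the previously documented `host@name` form reaches the authentication call as-is while the default now uses `host/`. The comment above says SSPI needs the `service/host` format; if that is a hard requirement, the expectation should be stated at the assignment, for example `// credential.TargetName is used verbatim and must already be in service/host form.` Whether the `@` form is still accepted on any platform is not visible in this hunk, so a test that pins the behaviour for an old-style override would settle it. `TryAuthenticate` begins and ends outside the hunk.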
2 changes: 1 addition & 1 deletion test/Tmds.Ssh.Tests/KerberosTests.cs
@@ -76,7 +76,7 @@ public async Task ExplicitCredential(bool useLocalUser, bool overrideSpn)
if (overrideSpn)
{
connectionName = $"127.0.0.1:{_sshServer.ServerPort}";
targetName = "host@localhost";
targetName = "host/localhost";
}
else
{
