Changeset

--- a/plugins/mod_auth_cyrus.lua	Tue Jul 24 10:44:37 2012 +0100
+++ b/plugins/mod_auth_cyrus.lua	Tue Jul 24 10:56:47 2012 +0100
@@ -14,6 +14,7 @@
 local cyrus_service_name = module:get_option("cyrus_service_name");
 local cyrus_application_name = module:get_option("cyrus_application_name");
 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
+local host_fqdn = module:get_option("cyrus_server_fqdn");
 
 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
 						  -- why cyrussasl isn't caught by the sandbox
@@ -23,7 +24,8 @@
 	return cyrus_new(
 		cyrus_service_realm or realm,
 		cyrus_service_name or "xmpp",
-		cyrus_application_name or "prosody"
+		cyrus_application_name or "prosody",
+		host_fqdn
 	);
 end
 

--- a/util/sasl_cyrus.lua	Tue Jul 24 10:44:37 2012 +0100
+++ b/util/sasl_cyrus.lua	Tue Jul 24 10:56:47 2012 +0100
@@ -78,11 +78,15 @@
 end
 
 -- create a new SASL object which can be used to authenticate clients
-function new(realm, service_name, app_name)
+-- host_fqdn may be nil in which case gethostname() gives the value. 
+--      For GSSAPI, this determines the hostname in the service ticket (after
+--      reverse DNS canonicalization, only if [libdefaults] rdns = true which
+--      is the default).  
+function new(realm, service_name, app_name, host_fqdn)
 
 	init(app_name or service_name);
 
-	local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
+	local st, ret = pcall(cyrussasl.server_new, service_name, host_fqdn, realm, nil, nil)
 	if not st then
 		log("error", "Creating SASL server connection failed: %s", ret);
 		return nil;