Invent the parameter 'gss_trust_dns' for Kerberos support

In response to Paramiko issue #915 the parameter 'gss_trust_dns' was added for Kerberos support. Set by default to 'True' the parameter indicates whether or not the DNS is trusted to securely canonicalize the hostname of the target host. If set to 'False' the hostname entered will be passed to GSSAPI. This option behaves like GSSAPITrustDNS from OpenSSH. Also, the parameter 'gss_host' is now always set, regardless if GSSAPI is used or not. Further, a minor fix was required to make the SFTP test work again.
author: Anselm Kruis <a.kruis@science-computing.de> 2017-08-05 14:24:10 +0200
committer: sdeiss@science-computing.de <sdeiss@science-computing.de> 2017-09-13 14:53:27 +0200
commit: ad5c0d17fffd6b365a5477d2b884d3207879d8b8 (patch)
tree: 359c500d90290179a9ce233a882d8feac9580ccb /demos
parent: c4aed573db0392ec35f1dbe3d4ba6aa0b25f8815 (diff)
1 files changed, 0 insertions, 2 deletions
diff --git a/demos/demo_simple.py b/demos/demo_simple.py
index 7ae3d8c8..9def57f8 100644
--- a/demos/demo_simple.py
+++ b/demos/demo_simple.py
@@ -79,8 +79,6 @@ try:
     if not UseGSSAPI and not DoGSSAPIKeyExchange:
         client.connect(hostname, port, username, password)
     else:
-        # SSPI works only with the FQDN of the target host
-        hostname = socket.getfqdn(hostname)
         try:
             client.connect(hostname, port, username, gss_auth=UseGSSAPI,
                            gss_kex=DoGSSAPIKeyExchange)
author	Anselm Kruis <a.kruis@science-computing.de>	2017-08-05 14:24:10 +0200
committer	sdeiss@science-computing.de <sdeiss@science-computing.de>	2017-09-13 14:53:27 +0200
commit	ad5c0d17fffd6b365a5477d2b884d3207879d8b8 (patch)
tree	359c500d90290179a9ce233a882d8feac9580ccb /demos
parent	c4aed573db0392ec35f1dbe3d4ba6aa0b25f8815 (diff)