From 78af8b137e5879cd506eb1f44440698d6967f321 Mon Sep 17 00:00:00 2001
From: Mike Bonnet <mikeb@redhat.com>
Date: Wed, 9 Sep 2015 13:01:27 -0400
Subject: [PATCH] Resolve the canonical hostname when constructing the Kerberos server principal

Kerberos authentication will fail if the server principal uses a CNAME.  Resolving
the hostname in the server URL to the canonical hostname associated with the IP
address allows authentication to succeed.
---
 koji/__init__.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/koji/__init__.py b/koji/__init__.py
index f45ff70..097e651 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1724,7 +1724,7 @@ class ClientSession(object):
     def _serverPrincipal(self, cprinc):
         """Get the Kerberos principal of the server we're connecting
         to, based on baseurl."""
-        servername = self._host
+        servername = socket.getfqdn(self._host)
         #portspec = servername.find(':')
         #if portspec != -1:
         #    servername = servername[:portspec]
-- 
1.7.1