s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index ddc00f7ad7c82801c5ada52172971ae049713c71..e052306523d48b61eaa9c3f3ab4b51085b71a114 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2598,12 +2598,14 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
                }
 
                /* The domain parameter is only used as modifier
-                * to krb5.conf file name. .JOIN is is not a valid
+                * to krb5.conf file name. _JOIN_ is is not a valid
                 * NetBIOS name so it cannot clash with another domain
                 * -- Uri.
                 */
-               create_local_private_krb5_conf_for_domain(
-                   pre_connect_realm, ".JOIN", sitename, &ss);
+               create_local_private_krb5_conf_for_domain(pre_connect_realm,
+                                                         "_JOIN_",
+                                                         sitename,
+                                                         &ss);
        }
 
        status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);