Version 0.27, which is a release from Steve apparently (I emailed him asking) doesn't have the second bit in the patch either, just the first. Just looking at the code I can't tell if it's needed or not, depends on what the "princ" variable is in the nss_gss_princ_to_ids() function. If it's really just a principal, i.e., <email address hidden>, then the strstr call is ok. It's not clear to me when that is used.
I may try to bring up such a setup myself to check. I don't think I should need an Active Directory server for that (hopefully).
Version 0.27, which is a release from Steve apparently (I emailed him asking) doesn't have the second bit in the patch either, just the first. Just looking at the code I can't tell if it's needed or not, depends on what the "princ" variable is in the nss_gss_ princ_to_ ids() function. If it's really just a principal, i.e., <email address hidden>, then the strstr call is ok. It's not clear to me when that is used.
I may try to bring up such a setup myself to check. I don't think I should need an Active Directory server for that (hopefully).