changeset 5439:c5401a8f4679 HEAD

Added auth_gssapi_hostname setting.
author Timo Sirainen <tss@iki.fi>
date Wed, 28 Mar 2007 00:41:59 +0300
parents 97f9bdbe924d
children d9b7957a7255
files dovecot-example.conf src/auth/auth.c src/auth/auth.h src/auth/mech-gssapi.c src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h
diffstat 7 files changed, 20 insertions(+), 2 deletions(-) [+]
--- a/dovecot-example.conf	Wed Mar 28 00:32:25 2007 +0300
+++ b/dovecot-example.conf	Wed Mar 28 00:41:59 2007 +0300
@@ -742,6 +742,10 @@
 # automatically created and destroyed as needed.
 #auth_worker_max_count = 30
 
+# Host name to use in GSSAPI principal names. The default is to use the
+# name returned by gethostname().
+#auth_gssapi_hostname =
+
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 
 # default (usually /etc/krb5.keytab) if not specified.
 #auth_krb5_keytab = 
--- a/src/auth/auth.c	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/auth/auth.c	Wed Mar 28 00:41:59 2007 +0300
@@ -4,6 +4,7 @@
 #include "network.h"
 #include "buffer.h"
 #include "str.h"
+#include "hostpid.h"
 #include "mech.h"
 #include "userdb.h"
 #include "passdb.h"
@@ -262,6 +263,12 @@
 	if (env != NULL && *env != '\0')
 		auth->username_format = env;
 
+	env = getenv("GSSAPI_HOSTNAME");
+	if (env != NULL && *env != '\0')
+		auth->gssapi_hostname = env;
+	else
+		auth->gssapi_hostname = my_hostname;
+
 	env = getenv("MASTER_USER_SEPARATOR");
 	if (env != NULL)
 		auth->master_user_separator = env[0];
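Review bot: The value read from `GSSAPI_HOSTNAME` is stored as-is at `auth->gssapi_hostname = env;` with only an empty-string check, and the mech-gssapi.c hunk later appends it verbatim after `service@` to build the principal name. A malformed value (embedded whitespace, a stray `@`) would therefore surface only when a client attempts GSSAPI authentication, not at startup. Consider rejecting such values here, e.g. `if (strchr(env, '@') != NULL || strchr(env, ' ') != NULL) i_fatal("Invalid auth_gssapi_hostname: %s", env);`. A comment could also note that the `my_hostname` fallback is whatever gethostname() returned, which may be a short name rather than the fully qualified name used in the keytab. The enclosing function starts and ends outside this hunk.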
--- a/src/auth/auth.h	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/auth/auth.h	Wed Mar 28 00:41:59 2007 +0300
@@ -46,6 +46,7 @@
 	const char *default_realm;
 	const char *anonymous_username;
 	const char *username_format;
+	const char *gssapi_hostname;
 	char username_chars[256];
 	char username_translation[256];
 	char master_user_separator;
--- a/src/auth/mech-gssapi.c	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/auth/mech-gssapi.c	Wed Mar 28 00:41:59 2007 +0300
@@ -20,7 +20,6 @@
 #include "buffer.h"
 #include "hex-binary.h"
 #include "safe-memset.h"
-#include "hostpid.h"
 
 #ifdef HAVE_GSSAPI
 
@@ -113,7 +112,7 @@
 	principal_name = t_str_new(128);
 	str_append(principal_name, service_name);
 	str_append_c(principal_name, '@');
-	str_append(principal_name, my_hostname); 
+	str_append(principal_name, request->auth->gssapi_hostname);
 
 	auth_request_log_info(request, "gssapi",
 		"Obtaining credentials for %s", str_c(principal_name));
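Review bot: Nothing at the changed `str_append(principal_name, request->auth->gssapi_hostname);` line records that the host part is now operator-configured, or that it presumably has to match a service principal in the keytab for the credential lookup that follows to succeed. Suggest a comment above it such as `/* host part is auth_gssapi_hostname (defaults to my_hostname); must match a keytab entry */`, with the same requirement stated in the dovecot-example.conf text. The info-level "Obtaining credentials for ..." message after it is the only place visible here where the effective principal is recorded, so it is worth keeping for diagnosing Kerberos failures. The function body begins and ends outside this hunk.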
--- a/src/master/auth-process.c	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/master/auth-process.c	Wed Mar 28 00:41:59 2007 +0300
@@ -477,6 +477,10 @@
 		/* Environment used by Kerberos 5 library directly */
 		env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL));
 	}
+	if (*set->gssapi_hostname != '\0') {
+		env_put(t_strconcat("GSSAPI_HOSTNAME=",
+				    set->gssapi_hostname, NULL));
+	}
 
 	restrict_process_size(set->process_size, (unsigned int)-1);
 }
--- a/src/master/master-settings.c	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/master/master-settings.c	Wed Mar 28 00:41:59 2007 +0300
@@ -70,6 +70,7 @@
 	DEF(SET_STR, master_user_separator),
 	DEF(SET_STR, anonymous_username),
 	DEF(SET_STR, krb5_keytab),
+	DEF(SET_STR, gssapi_hostname),
 
 	DEF(SET_BOOL, verbose),
 	DEF(SET_BOOL, debug),
@@ -287,6 +288,7 @@
 	MEMBER(master_user_separator) "",
 	MEMBER(anonymous_username) "anonymous",
 	MEMBER(krb5_keytab) "",
+	MEMBER(gssapi_hostname) "",
 
 	MEMBER(verbose) FALSE,
 	MEMBER(debug) FALSE,
--- a/src/master/master-settings.h	Wed Mar 28 00:32:25 2007 +0300
+++ b/src/master/master-settings.h	Wed Mar 28 00:41:59 2007 +0300
@@ -187,6 +187,7 @@
 	const char *master_user_separator;
 	const char *anonymous_username;
 	const char *krb5_keytab;
+	const char *gssapi_hostname;
 
 	bool verbose, debug, debug_passwords;
 	bool ssl_require_client_cert;