2 files changed, 30 insertions, 3 deletions

diff --git a/net/http/http_auth_handler_negotiate.cc b/net/http/http_auth_handler_negotiate.cc
index 3685346..d7a9c50 100644
--- a/net/http/http_auth_handler_negotiate.cc
+++ b/net/http/http_auth_handler_negotiate.cc
@@ -113,7 +113,8 @@ bool HttpAuthHandlerNegotiate::AllowsDefaultCredentials() {
 
 std::wstring HttpAuthHandlerNegotiate::CreateSPN(
     const AddressList& address_list, const GURL& origin) {
-  // Kerberos SPNs are in the form HTTP/<host>:<port>
+  // Kerberos Web Server SPNs are in the form HTTP/<host>:<port> through SSPI,
+  // and in the form HTTP@<host>:<port> through GSSAPI
   //   http://msdn.microsoft.com/en-us/library/ms677601%28VS.85%29.aspx
   //
   // However, reality differs from the specification. A good description of
@@ -145,10 +146,16 @@ std::wstring HttpAuthHandlerNegotiate::CreateSPN(
   std::string server;
   if (!address_list.GetCanonicalName(&server))
     server = origin.host();
+#if defined(OS_WIN)
+  static const char kSpnSeparator = '/';
+#elif defined(OS_POSIX)
+  static const char kSpnSeparator = '@';
+#endif
   if (port != 80 && port != 443 && use_port_) {
-    return ASCIIToWide(StringPrintf("HTTP/%s:%d", server.c_str(), port));
+    return ASCIIToWide(StringPrintf("HTTP%c%s:%d", kSpnSeparator,
+                                    server.c_str(), port));
   } else {
-    return ASCIIToWide(StringPrintf("HTTP/%s", server.c_str()));
+    return ASCIIToWide(StringPrintf("HTTP%c%s", kSpnSeparator, server.c_str()));
   }
 }
 
diff --git a/net/http/http_auth_handler_negotiate_unittest.cc b/net/http/http_auth_handler_negotiate_unittest.cc
index 2646ee6..a95eb44 100644
--- a/net/http/http_auth_handler_negotiate_unittest.cc
+++ b/net/http/http_auth_handler_negotiate_unittest.cc
@@ -196,7 +196,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
   EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
                                                 &request_info,
                                                 &callback, &token));
+#if defined(OS_WIN)
   EXPECT_EQ(L"HTTP/alias", auth_handler->spn());
+#elif defined(OS_POSIX)
+  EXPECT_EQ(L"HTTP@alias", auth_handler->spn());
+#endif
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
@@ -212,7 +216,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
   EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
                                                 &request_info,
                                                 &callback, &token));
+#if defined(OS_WIN)
   EXPECT_EQ(L"HTTP/alias", auth_handler->spn());
+#elif defined(OS_POSIX)
+  EXPECT_EQ(L"HTTP@alias", auth_handler->spn());
+#endif
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
@@ -228,7 +236,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
   EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
                                                 &request_info,
                                                 &callback, &token));
+#if defined(OS_WIN)
   EXPECT_EQ(L"HTTP/alias:500", auth_handler->spn());
+#elif defined(OS_POSIX)
+  EXPECT_EQ(L"HTTP@alias:500", auth_handler->spn());
+#endif
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
@@ -244,7 +256,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
   EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
                                                 &request_info,
                                                 &callback, &token));
+#if defined(OS_WIN)
   EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn());
+#elif defined(OS_POSIX)
+  EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn());
+#endif
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
@@ -260,7 +276,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
   EXPECT_EQ(ERR_IO_PENDING, auth_handler->GenerateAuthToken(
       &username, &password, &request_info, &callback, &token));
   EXPECT_EQ(OK, callback.WaitForResult());
+#if defined(OS_WIN)
   EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn());
+#elif defined(OS_POSIX)
+  EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn());
+#endif
 }
 
 }  // namespace net