From b9203dc1571be66a6dd23c88a93d0efd6d305f03 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 3 Feb 2015 13:00:34 +0100 Subject: [PATCH] krb5-wrap: Use the principal returned by the KDC to create the ccache We request a TGT in uppercase from the KDC. We turned on canonicalization for that so the KDC returns the principal in lowercase cause of this. As we use the uppercase prinicpal to create the ccache we fail to find the tickets we need later because it is stored in the incorrect case. You have to use the princial returned by the KDC here. Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy --- lib/krb5_wrap/krb5_samba.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 22975c1c8a3..490d7239223 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -1717,6 +1717,14 @@ krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, return code; } +#ifndef SAMBA4_USES_HEIMDAL /* MIT */ + /* + * We need to store the principal as returned from the KDC to the + * credentials cache. If we don't do that the KRB5 library is not + * able to find the tickets it is looking for + */ + principal = my_creds.client; +#endif code = krb5_cc_initialize(ctx, cc, principal); if (code) { goto done; -- 2.34.1