lib/krb5: windows KDCs always return the canoncalized server principal

author Stefan Metzmacher <metze@samba.org>

Mon, 25 Jul 2011 07:23:52 +0000 (09:23 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)
author Stefan Metzmacher <metze@samba.org>
Mon, 25 Jul 2011 07:23:52 +0000 (09:23 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)
diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c

index 87add0527f98babb69685ceae7ba6339feab7172..3b69f9d3b7a6672164e5d85312511a316a52ea96 100644 (file)
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -557,6 +557,11 @@ get_cred_kdc(krb5_context context,
         /* this should go someplace else */
         out_creds->times.endtime = in_creds->times.endtime;
  
+       /*
+        * Windows KDCs always canonicalize the server name
+        */
+       eflags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+
         /* XXX should do better testing */
         if (flags.b.cname_in_addl_tkt || impersonate_principal)
             eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
author	Stefan Metzmacher <metze@samba.org>
	Mon, 25 Jul 2011 07:23:52 +0000 (09:23 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)