mit_samba: Return 0 in case of a wrong realm

The MIT KDC will deal with this correctly for us.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 57af4b71b1fb9bf1722fd1b2011027caa6db4f84..70877a9f0a4d90079243a408ee3b42d3f97571b9 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -220,7 +220,12 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
                ret = KRB5_KDB_NOENTRY;
                goto done;
        case SDB_ERR_WRONG_REALM:
-               ret = KRB5KDC_ERR_WRONG_REALM;
+               /*
+                * If we have a wrong realm e.g. if we try get a cross forest
+                * ticket, we return a ticket with the correct realm. The KDC
+                * will detect this an return the appropriate return code.
+                */
+               ret = 0;
                break;
        case SDB_ERR_NOT_FOUND_HERE:
                /* FIXME: RODC support */