Handle picky windows RODC servers

author Love Hornquist Astrand <lha@h5l.org>

Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)

committer Love Hornquist Astrand <lha@h5l.org>

Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)
author Love Hornquist Astrand <lha@h5l.org>
Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)
committer Love Hornquist Astrand <lha@h5l.org>
Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c

index 869687aa63b5a6e40d77103fcdb4bfc2ee82beb0..29b882d053117c878022ab4af49669a5915c3778 100644 (file)
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1418,6 +1418,17 @@ krb5_init_creds_set_service(krb5_context context,
         if (ret)
             return ret;
      }
+
+    /*
+     * This is for Windows RODC that are picky about what name type
+     * the server principal have, and the really strange part is that
+     * they are picky about the AS-REQ name type and not the TGS-REQ
+     * later. Oh well.
+     */
+
+    if (krb5_principal_is_krbtgt(context, principal))
+       krb5_principal_set_type(context, principal, KRB5_NT_SRV_INST);
+
      krb5_free_principal(context, ctx->cred.server);
      ctx->cred.server = principal;
author	Love Hornquist Astrand <lha@h5l.org>
	Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)
committer	Love Hornquist Astrand <lha@h5l.org>
	Sat, 2 Oct 2010 00:49:05 +0000 (17:49 -0700)