diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-02-17 11:52:46 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-02-17 06:40:53 +0100 |
commit | 5c12cb0556aeeaa8882c7b12a281728bf8d556f6 (patch) | |
tree | 6faffb3301932aa5d07adad25a7df5dabffd1750 | |
parent | 0dec840677779a3d86137bb307f57b35f7392d51 (diff) | |
download | samba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.tar.gz samba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.tar.bz2 samba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.zip |
heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well
This fixes Win2003 domain logons against Samba4, which need a
canonicalised reply, and helpfully do set that flag.
Specifically, they need that realm in krbtgt/realm@realm that these
both match exactly in the reply.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 394f4dec67..a437b9dbd9 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1000,9 +1000,8 @@ _kdc_as_rep(krb5_context context, ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } - ret = _kdc_db_fetch(context, config, server_princ, - HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags, NULL, NULL, &server); if(ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name); |