auth: Allow a NULL principal to be obtained from the credentials

This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2011-12-06 15:56:44 +1100
committer: Amitay Isaacs <amitay@gmail.com> 2011-12-07 10:43:52 +1100
commit: 0344e7278b5ddaba0efd7b31a894e901bd9ef6fb (patch)
tree: 5d4ca2d4e909d4c976d3c64bca3a9e9014f474e5 /source4/auth/gensec
parent: b9f4febd405c9ed8c5386cedeb3190aa395b41c4 (diff)
download: samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.gz
samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.bz2
samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 2a3bd22d32..0c86177960 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -521,7 +521,10 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
 			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 		}
 		
-		/* This ensures we lookup the correct entry in that keytab */
+		/* This ensures we lookup the correct entry in that
+		 * keytab.  A NULL principal is acceptable, and means
+		 * that the krb5 libs should search the keytab at
+		 * accept time for any matching key */
 		ret = principal_from_credentials(out_mem_ctx, gensec_get_credentials(gensec_security), 
 						 gensec_krb5_state->smb_krb5_context, 
 						 &server_in_keytab, &obtained, &error_string);
author	Andrew Bartlett <abartlet@samba.org>	2011-12-06 15:56:44 +1100
committer	Amitay Isaacs <amitay@gmail.com>	2011-12-07 10:43:52 +1100
commit	0344e7278b5ddaba0efd7b31a894e901bd9ef6fb (patch)
tree	5d4ca2d4e909d4c976d3c64bca3a9e9014f474e5 /source4/auth/gensec
parent	b9f4febd405c9ed8c5386cedeb3190aa395b41c4 (diff)
download	samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.gz samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.bz2 samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.zip