r1475: More kerberos work

- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
 - The client code now remembers the hostname it connects to

- We now kinit for a user, if there is not valid ticket already

- Re-introduce clock skew compensation

TODO:
 - See if the username in the ccache matches the username specified
 - Use a private ccache, rather then the global one, for a 'new' kinit
 - Determine 'default' usernames.
  - The default for Krb5 is the one in the ccache, then $USER
  - For NTLMSSP, it's just $USER

Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)

1 files changed, 2 insertions, 1 deletions

diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index 32846cf580..d4910eb92f 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -256,7 +256,7 @@ static NTSTATUS gensec_spnego_client_netTokenInit(struct gensec_security *gensec
 			return nt_status;
 	}
 	nt_status = gensec_update(spnego_state->sub_sec_security,
-						  out_mem_ctx, in, &unwrapped_out);
+				  out_mem_ctx, in, &unwrapped_out);
 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		struct spnego_data spnego_out;
 		spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
@@ -349,6 +349,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 		}
 
 		if (spnego.negTokenInit.targetPrincipal) {
+			DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
 			nt_status = gensec_set_target_principal(gensec_security, 
 								spnego.negTokenInit.targetPrincipal);
 			if (!NT_STATUS_IS_OK(nt_status)) {