2 files changed, 8 insertions, 6 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 0bf63f30ae..fc1bfa824e 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -83,7 +83,11 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re
 	server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), 
 				       struct cli_credentials);
 	if (do_attribute(s->attrs, "supportedSASLMechanisms")) {
-		const struct gensec_security_ops **ops = cli_credentials_gensec_list(server_creds);
+		struct gensec_security_ops **backends = gensec_security_all();
+		enum credentials_use_kerberos use_kerberos
+			= cli_credentials_get_kerberos_state(server_creds);
+		struct gensec_security_ops **ops
+			= gensec_use_kerberos_mechs(req, backends, use_kerberos);
 		int i;
 		for (i = 0; ops && ops[i]; i++) {
 			if (ops[i]->sasl_name) {
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index a155e24e7e..86c1b048a7 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -958,6 +958,7 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
 {
 	NTSTATUS nt_status;
 	struct auth_session_info *session_info;
+	struct gensec_security_ops **not_kerberos_list;
 	*db = talloc(mem_ctx, HDB);
 	if (!*db) {
 		krb5_set_error_string(context, "malloc: out of memory");
@@ -980,11 +981,8 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
 	 * certificates, for now it will almost certainly be NTLMSSP
 	*/
 	
-	nt_status = cli_credentials_gensec_remove_oid(session_info->credentials, 
-						      GENSEC_OID_KERBEROS5);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
+	cli_credentials_set_kerberos_state(session_info->credentials, 
+					   CRED_DONT_USE_KERBEROS);
 
 	/* Setup the link to LDB */
 	(*db)->hdb_db = samdb_connect(*db, session_info);