summaryrefslogtreecommitdiff
path: root/source4/kdc/kpasswdd.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/kdc/kpasswdd.c')
-rw-r--r--source4/kdc/kpasswdd.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 8f2cb68129..3a39348578 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -447,7 +447,9 @@ bool kpasswdd_process(struct kdc_server *kdc,
struct cli_credentials *server_credentials;
struct gensec_security *gensec_security;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-
+
+ char *keytab_name;
+
if (!tmp_ctx) {
return false;
}
@@ -489,8 +491,12 @@ bool kpasswdd_process(struct kdc_server *kdc,
* we already have, rather than a new context */
cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
- nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, "kadmin/changepw");
- if (!NT_STATUS_IS_OK(nt_status)) {
+
+ keytab_name = talloc_asprintf(server_credentials, "HDB:samba4&%p", kdc->hdb_samba4_context);
+
+ cli_credentials_set_username(server_credentials, "kadmin/changepw", CRED_SPECIFIED);
+ ret = cli_credentials_set_keytab_name(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, keytab_name, CRED_SPECIFIED);
+ if (ret != 0) {
ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
talloc_asprintf(mem_ctx,
generated by cgit (git 2.34.1) at 2024-08-21 06:40:07 +0000