diff options
Diffstat (limited to 'source4/kdc/kpasswdd.c')
-rw-r--r-- | source4/kdc/kpasswdd.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 8f2cb68129..3a39348578 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -447,7 +447,9 @@ bool kpasswdd_process(struct kdc_server *kdc, struct cli_credentials *server_credentials; struct gensec_security *gensec_security; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - + + char *keytab_name; + if (!tmp_ctx) { return false; } @@ -489,8 +491,12 @@ bool kpasswdd_process(struct kdc_server *kdc, * we already have, rather than a new context */ cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context); cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx); - nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, "kadmin/changepw"); - if (!NT_STATUS_IS_OK(nt_status)) { + + keytab_name = talloc_asprintf(server_credentials, "HDB:samba4&%p", kdc->hdb_samba4_context); + + cli_credentials_set_username(server_credentials, "kadmin/changepw", CRED_SPECIFIED); + ret = cli_credentials_set_keytab_name(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, keytab_name, CRED_SPECIFIED); + if (ret != 0) { ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx, KRB5_KPASSWD_HARDERROR, talloc_asprintf(mem_ctx, |