3 files changed, 14 insertions, 9 deletions

diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index 52a377dbba..c787343515 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -22,7 +22,7 @@ OBJ_FILES = \
 		hdb-ldb.o \
 		pac-glue.o 
 PRIVATE_DEPENDENCIES = \
-		LIBLDB auth_sam auth_sam_reply KERBEROS
+		LIBLDB auth_sam auth_sam_reply KERBEROS CREDENTIALS
 # End SUBSYSTEM KDC
 #######################
 
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 18fc86b8e0..5c8b2afe0f 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -520,16 +520,18 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address,
 /*
   setup our listening sockets on the configured network interfaces
 */
-static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx)
+static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx,
+				       struct interface *ifaces)
 {
-	int num_interfaces = iface_count(lp_ctx);
+	int num_interfaces;
 	TALLOC_CTX *tmp_ctx = talloc_new(kdc);
 	NTSTATUS status;
-	
 	int i;
+
+	num_interfaces = iface_count(ifaces);
 	
 	for (i=0; i<num_interfaces; i++) {
-		const char *address = talloc_strdup(tmp_ctx, iface_n_ip(lp_ctx, i));
+		const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
 		status = kdc_add_socket(kdc, address, lp_krb5_port(lp_ctx), 
 					lp_kpasswd_port(lp_ctx));
 		NT_STATUS_NOT_OK_RETURN(status);
@@ -558,6 +560,7 @@ static void kdc_task_init(struct task_server *task)
 	struct kdc_server *kdc;
 	NTSTATUS status;
 	krb5_error_code ret;
+	struct interface *ifaces;
 
 	switch (lp_server_role(task->lp_ctx)) {
 	case ROLE_STANDALONE:
@@ -571,7 +574,9 @@ static void kdc_task_init(struct task_server *task)
 		break;
 	}
 
-	if (iface_count(task->lp_ctx) == 0) {
+	load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces);
+
+	if (iface_count(ifaces) == 0) {
 		task_server_terminate(task, "kdc: no network interfaces configured");
 		return;
 	}
@@ -641,7 +646,7 @@ static void kdc_task_init(struct task_server *task)
 	kdc_mem_ctx = kdc->smb_krb5_context;
 
 	/* start listening on the configured network interfaces */
-	status = kdc_startup_interfaces(kdc, task->lp_ctx);
+	status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces);
 	if (!NT_STATUS_IS_OK(status)) {
 		task_server_terminate(task, "kdc failed to setup interfaces");
 		return;
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index c8c569b7ed..f468fea6c4 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -62,7 +62,7 @@ static bool kpasswdd_make_error_reply(struct kdc_server *kdc,
 	
 	DEBUG(result_code ? 3 : 10, ("kpasswdd: %s\n", error_string));
 
-	len = push_utf8_talloc(mem_ctx, global_smb_iconv_convenience, &error_string_utf8, error_string);
+	len = push_utf8_talloc(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), &error_string_utf8, error_string);
 	if (len == -1) {
 		return false;
 	}
@@ -474,7 +474,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
 	 * we already have, rather than a new context */	
 	cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
 	cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
-	nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw");
+	nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->lp_ctx, "kadmin/changepw");
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx, 
 						       KRB5_KPASSWD_HARDERROR,