From dc3f74a953de0fcf9b3f693efe2ba8dea7b93da9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Thu, 24 May 2012 15:17:40 +0300
Subject: auth/credentials: 'workgroup' set via command line will not drop
 existing ccache

The root cause for existing ccache being invalidated was use of global loadparm with
'workgroup' value set as if from command line. However, we don't really need to take
'workgroup' parameter value's nature into account when invalidating existing ccache.
When -U is used on the command line, one can specify a password to force ccache
invalidation.

The commit also reverts previous fix now that root cause is clear.
---
 auth/credentials/credentials.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'auth/credentials/credentials.c')

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 3eaccde25e..05f0a624db 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -483,7 +483,11 @@ _PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
 		 * calculations */
 		cred->domain = strupper_talloc(cred, val);
 		cred->domain_obtained = obtained;
-		cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
+		/* setting domain does not mean we have to invalidate ccache 
+		 * because domain in not used for Kerberos operations.
+		 * If ccache invalidation is required, one will anyway specify
+		 * a password to kinit, and that will force invalidation of the ccache
+		 */
 		return true;
 	}
 
-- 
cgit