From 0342db7e87f4c98da4051e9fc7a8abf1e36218d0 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 17 Mar 2006 13:57:00 +0000
Subject: r14512: Guenther, This code breaks winbind with MIT krb1.3. I'm
 disabling it for now until we have en effective means of dealing with the
 ticket request flags for users and computers. (This used to be commit
 635f0c9c01c2e389ca916e9004e9ea064bf69cbb)

---
 source3/libads/kerberos.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'source3/libads/kerberos.c')

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c82310dd08..17e350d754 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -72,7 +72,9 @@ int kerberos_kinit_password(const char *principal,
 	krb5_ccache cc = NULL;
 	krb5_principal me;
 	krb5_creds my_creds;
+#if 0
 	krb5_get_init_creds_opt opt;
+#endif
 
 	initialize_krb5_error_table();
 	if ((code = krb5_init_context(&ctx)))
@@ -95,9 +97,12 @@ int kerberos_kinit_password(const char *principal,
 		return code;
 	}
 
+#if 0	/* This code causes problems with MIT krb5 1.3 when asking for a 
+	   TGT for the machine account */
 	krb5_get_init_creds_opt_init(&opt);
 	krb5_get_init_creds_opt_set_renew_life(&opt, renewable_time);
 	krb5_get_init_creds_opt_set_forwardable(&opt, 1);
+#endif
 	
 	if (request_pac) {
 #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
@@ -105,9 +110,14 @@ int kerberos_kinit_password(const char *principal,
 #endif
 	}
 
+#if 0
 	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), 
-						 kerb_prompter, 
-						 NULL, 0, NULL, &opt))) {
+						 kerb_prompter, NULL, 0, NULL, &opt)))
+#else
+	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), 
+						 kerb_prompter, NULL, 0, NULL, NULL))) 
+#endif
+	{
 		krb5_free_principal(ctx, me);
 		krb5_free_context(ctx);		
 		return code;
-- 
cgit