From 28d78c40ade22c4b5d445dbe23f18ca210e41f8c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 24 Jan 2006 05:31:08 +0000
Subject: r13107: Follow the lead of Heimdal's kpasswdd and use the HDB
 (hdb-ldb in our case) as the keytab.

This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).

Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
---
 source4/kdc/kpasswdd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source4/kdc/kpasswdd.c')

diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 05aced904d..8e6448435b 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -457,7 +457,10 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
 		DEBUG(1, ("Failed to init server credentials\n"));
 		return False;
 	}
-	
+
+	/* We want the credentials subsystem to use the krb5 context
+	 * we already have, rather than a new context */	
+	cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
 	cli_credentials_set_conf(server_credentials);
 	nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw");
 	if (!NT_STATUS_IS_OK(nt_status)) {
-- 
cgit