diff options
| author | Tom Yu <tlyu@mit.edu> | 2010-10-06 23:57:37 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2010-10-06 23:57:37 +0000 |
| commit | 0d5df56ea6d4a05c31b7e513ee9ec1542a4b5dce (patch) | |
| tree | 2ef8ed48ce9b45d50835fd2134879adbe806bb37 /src/lib/krb5 | |
| parent | ee6561662112b254fc322d5eff7fe33c372d6a9d (diff) | |
| download | krb5-0d5df56ea6d4a05c31b7e513ee9ec1542a4b5dce.tar.gz krb5-0d5df56ea6d4a05c31b7e513ee9ec1542a4b5dce.tar.xz krb5-0d5df56ea6d4a05c31b7e513ee9ec1542a4b5dce.zip | |
set NT-SRV-INST on TGS principal names
Set NT-SRV-INST on TGS principal names in
get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC
insists on it.
Thanks to Bill Fellows for reporting this problem.
ticket: 6798
tags: pullup
target_version: 1.8.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24438 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 28a23f2c43..836a517f92 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -499,8 +499,19 @@ build_in_tkt_name(krb5_context context, client->realm.length, client->realm.data, 0); + if (ret) + return ret; } - return ret; + /* + * Windows Server 2008 R2 RODC insists on TGS principal names having the + * right name type. + */ + if (krb5_princ_size(context, *server) == 2 && + data_eq_string(*krb5_princ_component(context, *server, 0), + KRB5_TGS_NAME)) { + krb5_princ_type(context, *server) = KRB5_NT_SRV_INST; + } + return 0; } void KRB5_CALLCONV |