LDAP: Checking the principal should not be considered fatal

The check is too restrictive as the select_principal_from_keytab can
return something else than user requested right now.

Consider that user query for host/myserver@EXAMPLE.COM, then the
select_principal_from_keytab function will return "myserver" in primary and
"EXAMPLE.COM" in realm. So the caller needs to add logic to also break
down the principal to get rid of the host/ part. The heuristics would
simply get too complex.

select_principal_from_keytab will error out anyway if there's no
suitable principal at all.

0 files changed, 0 insertions, 0 deletions