select_principal_from_keytab() look for plain input as well

Currently in select_principal_from_keytab() all kind of different
versions of the host principal are looked up in the keytab except for
the plain name the ldap_sasl_authid option. With this patch the plain
name is looked up first.

1 files changed, 6 insertions, 2 deletions

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 383745787..0eb032a76 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -49,14 +49,18 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 
     /**
      * Priority of lookup:
+     * - our.hostname@REALM or host/our.hostname@REALM depending on the input
+     * - our.hostname$@REALM (AD domain)
      * - foobar$@REALM (AD domain)
      * - host/our.hostname@REALM
      * - host/foobar@REALM
      * - host/foo@BAR
      * - pick the first principal in the keytab
      */
-    const char *primary_patterns[] = {"%s$", "*$", "host/%s", "host/*", "host/*", NULL};
-    const char *realm_patterns[] = {"%s", "%s", "%s", "%s", NULL, NULL};
+    const char *primary_patterns[] = {"%s", "%s$", "*$", "host/%s", "host/*",
+                                      "host/*", NULL};
+    const char *realm_patterns[] =   {"%s", "%s",  "%s", "%s",      "%s",
+                                      NULL,     NULL};
 
     DEBUG(5, ("trying to select the most appropriate principal from keytab\n"));
     tmp_ctx = talloc_new(NULL);