Fix KRB5PrincipalName / UPN SAN comparison

Depending on how the target principal name is conveyed to the
command (i.e. with / without realm), the KRB5PrincipalName / UPN
subjectAltName validation could be comparing unequal strings and
erroneously rejecting a valid request.

Normalise both side of the comparison to ensure that the principal
names contain realm information.

Fixes: https://fedorahosted.org/freeipa/ticket/5191
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

0 files changed, 0 insertions, 0 deletions