| author | Greg Hudson <ghudson@mit.edu> | 2013-05-20 11:03:04 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-05-21 11:03:13 -0400 |
| commit | 57acee11b5c6682a7f4f036e35d8b2fc9292875e (patch) | |
| tree | 6f198386b2591b8d8495f6c8260b4f905360ddfb /src/include/CredentialsCache.h | |
| parent | e818d27a372d021bc6025e7bce867ed06a8fc1ad (diff) | |

Fix transited handling for GSSAPI acceptors

The Acceptor Names project (#6855) extended krb5_rd_req so that it can
accept a "matching principal" in the server parameter. If the
matching principal has an empty realm, rd_req_decoded_opt attempted to
do transited checking with an empty server realm.

To fix this, always reset server to req->ticket->server for future
processing steps if we decrypt the ticket using a keytab.
decrypt_ticket replaces req->ticket->server with the principal name
from the keytab entry, so we know this name is correct.

Based on a bug report and patch from nalin@redhat.com.

ticket: 7639
target_version: 1.11.3
tags: pullup

Diffstat (limited to 'src/include/CredentialsCache.h')
0 files changed, 0 insertions, 0 deletions
