get_init_creds_password: DNS SRV off causes bogus REALM_UNKNOWN

	* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
	turned off, the second call to get_init_creds() will fail with
	KRB5_REALM_UNKNOWN under certain circumstances.  If that happens,
	return the error from the first call to get_init_creds(), which
	will be more useful to the user.

ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 10 insertions, 1 deletions

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index cd27b18ec..80163b8a3 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2003-08-08  Tom Yu  <tlyu@mit.edu>
+
+	* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
+	turned off, the second call to get_init_creds() will fail with
+	KRB5_REALM_UNKNOWN under certain circumstances.  If that happens,
+	return the error from the first call to get_init_creds(), which
+	will be more useful to the user.
+
 2003-07-22  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
 
 	* preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index aa748dbd3..fdd7c514a 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -160,7 +160,8 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ
 	 slave we were able to contact */
 
       if ((ret2 == KRB5_KDC_UNREACH) ||
-		  (ret2 == KRB5_REALM_CANT_RESOLVE))
+	  (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+	  (ret2 == KRB5_REALM_UNKNOWN))
 	 goto cleanup;
 
       ret = ret2;