summaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/get_creds.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index f229ba1c3..780e6568b 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -557,6 +557,14 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx)
return begin_non_referral(context, ctx);
}
+ /* Active Directory may return a TGT to the local realm. Try a
+ * non-referral query if we see this. */
+ referral_realm = &ctx->reply_creds->server->data[1];
+ if (data_eq(*referral_realm, ctx->cur_tgt->server->data[1])) {
+ TRACE_TKT_CREDS_SAME_REALM_TGT(context, referral_realm);
+ return begin_non_referral(context, ctx);
+ }
+
if (ctx->referral_count == 1) {
/* Cache the referral TGT only if it's from the local realm.
* Make sure to note the associated authdata, if any. */
@@ -577,7 +585,6 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx)
return KRB5_KDC_UNREACH;
/* Check for referral loops. */
- referral_realm = &ctx->reply_creds->server->data[1];
if (seen_realm_before(context, ctx, referral_realm))
return KRB5_KDC_UNREACH;
code = remember_realm(context, ctx, referral_realm);
generated by cgit (git 2.34.1) at 2026-04-11 23:27:54 +0000