2 files changed, 20 insertions, 0 deletions

diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog
index 61e7a665c..ad73c2a54 100644
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,14 @@
+2004-04-06  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:
+      In at least one case on Win2003 it appears that it is possible 
+      for the logon session to be authenticated via NTLM and yet for
+      there to be Kerberos credentials obtained by the LSA on behalf
+      of the logged in user.  Therefore, we are removing the test 
+      for IsKerberosLogon() within krb5_lcc_resolve()
+      which was meant to avoid the need to perform GetMSTGT() when
+      there was no possibility of credentials being found.
+
 2004-03-31  Jeffrey Altman <jaltman@mit.edu>
 
     * cc_mslsa.c: Add IsWindows2000() function and use it to return 
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 0caf65a28..9d0675359 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -1126,8 +1126,17 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     if (!IsWindows2000())
         return KRB5_FCC_NOFILE;
 
+#ifdef COMMENT
+    /* In at least one case on Win2003 it appears that it is possible 
+     * for the logon session to be authenticated via NTLM and yet for
+     * there to be Kerberos credentials obtained by the LSA on behalf
+     * of the logged in user.  Therefore, we are removing this test
+     * which was meant to avoid the need to perform GetMSTGT() when
+     * there was no possibility of credentials being found.
+     */
     if (!IsKerberosLogon())
         return KRB5_FCC_NOFILE;
+#endif
 
     if(!PackageConnectLookup(&LogonHandle, &PackageId))
         return KRB5_FCC_NOFILE;