summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/kdc/kdc_util.c6
-rw-r--r--src/tests/t_kdb.py8
2 files changed, 11 insertions, 3 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index e61a867d6..bc638c19b 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -389,9 +389,9 @@ kdc_rd_ap_req(kdc_realm_t *kdc_active_realm,
match_enctype = 0;
}
- retval = kdc_get_server_key(kdc_context,
- apreq->ticket, 0, match_enctype, server, NULL,
- NULL);
+ retval = kdc_get_server_key(kdc_context, apreq->ticket,
+ KRB5_KDB_FLAG_ALIAS_OK, match_enctype, server,
+ NULL, NULL);
if (retval)
return retval;
diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
index 7a9471f8a..70fe58a84 100644
--- a/src/tests/t_kdb.py
+++ b/src/tests/t_kdb.py
@@ -286,6 +286,14 @@ out = realm.run([klist])
if 'tgtalias@KRBTEST.COM\n' not in out:
fail('After fetching tgtalias, klist is missing it')
+# Make sure aliases work in header tickets.
+realm.run_kadminl('modprinc -maxrenewlife "3 hours" user')
+realm.run_kadminl('modprinc -maxrenewlife "3 hours" krbtgt/KRBTEST.COM')
+realm.kinit(realm.user_princ, password('user'), ['-l', '1h', '-r', '2h'])
+realm.run([kvno, 'alias'])
+realm.kinit(realm.user_princ, flags=['-R', '-S', 'alias'])
+realm.klist(realm.user_princ, 'alias@KRBTEST.COM')
+
realm.stop()
# Briefly test dump and load.
generated by cgit (git 2.34.1) at 2026-04-05 06:33:38 +0000