krb5_wrap: smb_krb5_kinit_password_ccache() should always use the can…

…onicalized principal We should always use krb5_get_init_creds_opt_set_canonicalize() and krb5_get_init_creds_opt_set_win2k() for heimdal and expect the client principal to be changed. There's no reason to have a different logic between MIT and Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <[email protected]> Reviewed-by: Guenther Deschner <[email protected]>
bitwiseworks · Sep 24, 2019 · 5d0bf32 · 5d0bf32
1 parent 0bced73
commit 5d0bf32
Showing 1 changed file with 0 additions and 2 deletions.
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
@@ -2114,14 +2114,12 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
 		return code;
 	}
 
-#ifndef SAMBA4_USES_HEIMDAL /* MIT */
 	/*
 	 * We need to store the principal as returned from the KDC to the
 	 * credentials cache. If we don't do that the KRB5 library is not
 	 * able to find the tickets it is looking for
 	 */
 	principal = my_creds.client;
-#endif
 	code = krb5_cc_initialize(ctx, cc, principal);
 	if (code) {
 		goto done;