diff options
author | Ralph Boehme <slow@samba.org> | 2016-04-24 07:39:25 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2016-04-25 10:35:14 +0200 |
commit | 20dc68050df7b1b0c9d06f8251183a0a6283fcaf (patch) | |
tree | 5ada69954f527bbe0a4e8f56d96d7062af4cabbb | |
parent | 957741ce65f56e7f1a76111a7de1c4f00a7659f7 (diff) | |
download | samba-20dc68050df7b1b0c9d06f8251183a0a6283fcaf.tar.gz |
s4/heimdal: allow SPNs in AS-REQ
This allows testing keytabs with service tickets. Windows KDCs allow
this as well.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 7e7aefd21e5..3762abe0120 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -762,9 +762,9 @@ kdc_check_flags(krb5_context context, return KRB5KDC_ERR_POLICY; } - if(!client->flags.client){ + if (!is_as_req && !client->flags.client){ kdc_log(context, config, 0, - "Principal may not act as client -- %s", client_name); + "Principal may only act as client in AS-REQ -- %s", client_name); return KRB5KDC_ERR_POLICY; } @@ -1055,7 +1055,7 @@ _kdc_as_rep(krb5_context context, */ ret = _kdc_db_fetch(context, config, client_princ, - HDB_F_GET_CLIENT | flags, NULL, + HDB_F_GET_ANY | flags, NULL, &clientdb, &client); if(ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name); |