Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1210


Allow realm in kadm5_init service names

Previously, if you passed a service name with a realm part to a
kadm5_init function, you would get a KRB5_PARSE_MALFORMED error
because the code would internally append its own '@realm' suffix
before parsing the name.  Fix this as follows:

Change gic_iter so instead of producing a full service name, it
produces a krb5_principal which is taken from the cred it acquires.
Pass the client and full service name around as principals, rather
than strings, and use the gss_nt_krb5_principal name type to import
them in setup_gss().  Don't append a realm to the input service name;
instead, pass the input service name directly to the gic functions
(which do not need a realm in the service name and will ignore the
realm if one is present).  For the INIT_CREDS case, parse the input
service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the
realm.

https://github.com/krb5/krb5/commit/5341cfde2b3e607e294bb0d057dc3540172a8b1b
Author: Greg Hudson <ghudson@mit.edu>
Commit: 5341cfde2b3e607e294bb0d057dc3540172a8b1b
Branch: master
 src/lib/kadm5/clnt/client_init.c |   96 +++++++++++++++++++-------------------
 1 files changed, 48 insertions(+), 48 deletions(-)