Revert "kdc: move more name canonicalization logic to KDC"

This reverts commit 1b7e196e66. It turns out that, contrary to the referrals draft, Windows does not canonicalize enterprise principal names if the canonicalize KDC option is unset.
2019-01-06 17:43:18 +11:00
parent 79f84913c9
commit 0141e7a497
2 changed files with 14 additions and 25 deletions
--- a/lib/hdb/common.c
+++ b/lib/hdb/common.c
@@ -119,6 +119,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
 	if (ret)
 	    return ret;
 	principal = enterprise_principal;
+	flags |= HDB_F_CANON; /* enterprise implies canonicalization */
    }

    hdb_principal2key(context, principal, &key);