kdc: add support for HDB_ERR_WRONG_REALM
A backend can return this if asked with HDB_F_GET_CLIENT|HDB_F_FOR_AS_REQ for a KRB5_NT_ENTERPRISE_PRINCIPAL record or for HDB_F_GET_SERVER | HDB_F_FOR_TGS_REQ. entry_ex->entry.principal->realm needs to return the real realm of the principal (or at least a the realm of the next cross-realm trust hop). This is needed to route enterprise principals between AD domain trusts. Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher
committed by
Andrew Bartlett
Andrew Bartlett
parent
81f9ed4a6c
commit
078e6f5dd2
@@ -28,5 +28,6 @@ error_code NO_WRITE_SUPPORT, "HDB backend doesn't contain write support"
|
||||
error_code NOT_FOUND_HERE, "The secret for this entry is not replicated to this database"
|
||||
error_code MISUSE, "Incorrect use of the API"
|
||||
error_code KVNO_NOT_FOUND, "Entry key version number not found"
|
||||
error_code WRONG_REALM, "The principal exists in another realm."
|
||||
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user