From 316e0d21846972bad85ef05ebaecd9804ca8e1f2 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Sat, 21 May 2016 18:38:43 -0500 Subject: [PATCH] Store the canonical client princ in ipropd-slave Otherwise we risk storing a name with the referral (empty) realm name, which will then cause various knock-on effects, such as thinking that the start_realm is "", and failing to find matching credentials in the ccache. --- lib/kadm5/ipropd_slave.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index 2e36e91c4..009bccd28 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -150,7 +150,7 @@ get_creds(krb5_context context, const char *keytab_str, ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, cache); if(ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); - ret = krb5_cc_initialize(context, *cache, client); + ret = krb5_cc_initialize(context, *cache, creds.client); if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_store_cred(context, *cache, &creds);