From 6beb05864028feb816485738649f15002da8786e Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Fri, 1 Oct 2010 17:49:05 -0700 Subject: [PATCH] Handle picky windows RODC servers --- lib/krb5/init_creds_pw.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 869687aa6..29b882d05 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -1418,6 +1418,17 @@ krb5_init_creds_set_service(krb5_context context, if (ret) return ret; } + + /* + * This is for Windows RODC that are picky about what name type + * the server principal have, and the really strange part is that + * they are picky about the AS-REQ name type and not the TGS-REQ + * later. Oh well. + */ + + if (krb5_principal_is_krbtgt(context, principal)) + krb5_principal_set_type(context, principal, KRB5_NT_SRV_INST); + krb5_free_principal(context, ctx->cred.server); ctx->cred.server = principal;