From 7b15a833a367c038b5910c1e5d51db56e4635deb Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Thu, 22 Dec 2011 11:18:33 -0800
Subject: [PATCH] Set default principal for password change to credential client
The default client principal for krb5_set_password, if the principal argument were NULL, was krb5_get_default_principal. But krb5_set_password requires credentials for the password change service be passed in, and those credentials are already associated with a client principal that's much more likely to be the correct choice for a default. Use that principal instead of krb5_get_default_principal.
---
 lib/krb5/changepw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c
index e028753db..12f0b1546 100644
--- a/lib/krb5/changepw.c
+++ b/lib/krb5/changepw.c
@@ -718,7 +718,7 @@ krb5_change_password (krb5_context context,
 * @param context a Keberos context
 * @param creds The initial kadmin/passwd for the principal or an admin principal
 * @param newpw The new password to set
- * @param targprinc if unset, the default principal is used.
+ * @param targprinc if unset, the client principal from creds is used
 * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
 * @param result_code_string binary message from the server, contains
 * at least the result_code.
@@ -748,7 +748,7 @@ krb5_set_password(krb5_context context,
 krb5_data_zero(result_string);
 if (targprinc == NULL) {
- ret = krb5_get_default_principal(context, &principal);
+ ret = krb5_copy_principal(context, creds->client, &principal);
 if (ret)
 return ret;
 } else
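Review bot: The updated `@param targprinc` line does not say whose password is affected when `creds` belongs to an administrator, which the `@param creds` line explicitly allows. With the new default, passing NULL alongside admin credentials targets the admin's own principal, so the comment should say so. Suggested wording: `@param targprinc principal whose password is set; if NULL, the client principal from creds is used (with admin credentials that is the admin's own principal)`. The doc comment starts and ends outside this hunk.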
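Review bot: In the `targprinc == NULL` branch, `creds->client` is read with no check that `creds` or `creds->client` is set. A caller passing partially filled credentials would presumably fault inside krb5_copy_principal instead of receiving an error code. The old call did not touch `creds` at this point, so this is a new precondition. A guard before the copy, for example `if (creds == NULL || creds->client == NULL) return EINVAL;`, keeps the failure explicit, using whichever error code this file prefers. The rest of krb5_set_password is outside the hunk, so whether the copied `principal` is freed on every exit path cannot be confirmed from here.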