From 85acea1b76db4cf2c83a47be628e7c7f95e863db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Thu, 21 Jun 2007 14:11:01 +0000
Subject: [PATCH] Don't check PAC on cross realm for now.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21258 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/krb5tgs.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 94ab84524..2657f1a0f 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1707,24 +1707,21 @@ server_lookup:
 	    goto out;
     }
 
-    /* check PAC if there is one */
-    {
+    /* check PAC if not cross realm and if there is one */
+    if (!cross_realm) {
 	Key *tkey;
-	krb5_keyblock *tgtkey = NULL;
+	krb5_keyblock *tgtkey;
 
-	if (!cross_realm) {
-	    ret = hdb_enctype2key(context, &krbtgt->entry, 
-				  krbtgt_etype, &tkey);
-	    if(ret) {
-		kdc_log(context, config, 0,
-			"Failed to find key for krbtgt PAC check");
-		goto out;
-	    }
-	    tgtkey = &tkey->key;
+	ret = hdb_enctype2key(context, &krbtgt->entry, 
+			      krbtgt_etype, &tkey);
+	if(ret) {
+	    kdc_log(context, config, 0,
+		    "Failed to find key for krbtgt PAC check");
+	    goto out;
 	}
 
 	ret = check_PAC(context, config, client_principal, 
-			client, server, ekey, tgtkey,
+			client, server, ekey, &tkey->key,
 			tgt, &rspac, &require_signedpath);
 	if (ret) {
 	    kdc_log(context, config, 0,