HEIMDAL: Require armor_server to be a krbtgt name, not just a server name
Samba has a different lookup path for krbtgt/ principals. armor_server is in this case the same as the server in a normal TGS-REQ, just inside the FAST armor, so needs to have the same lookup properties as the TGS-REQ does. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett
committed by
Luke Howard
Luke Howard
parent
61f1be93e3
commit
f03983b64d
@@ -429,7 +429,8 @@ _kdc_fast_unwrap_request(astgs_request_t r)
|
||||
}
|
||||
|
||||
ret = _kdc_db_fetch(r->context, r->config, armor_server,
|
||||
HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS,
|
||||
HDB_F_GET_KRBTGT
|
||||
| HDB_F_DELAY_NEW_KEYS,
|
||||
NULL, NULL, &armor_user);
|
||||
if(ret == HDB_ERR_NOT_FOUND_HERE) {
|
||||
kdc_log(r->context, r->config, 5,
|
||||
|
||||
Reference in New Issue
Block a user