We were losing and leaking the reason for which kdc_check_flags() was rejecting any S4U requests, yielding incomplete error messages. The issue is that kdc_check_flags() wants to check the client and server principals in the input state structure, but doesn't know about the impersonated principal name, and so we want to pass it a state structure that has the impersonated instead of the impersonator client name. This is a bad design, but I'm ignoring that for now and just fixing this one leak.