In the kdcpreauth match_client() callback, if it is necessary to look
up the given principal in the KDB, pass KRB5_KDB_FLAG_CLIENT to
krb5_db_get_principal(). Samba requires this flag to properly handle
enterprise client principals.
ticket: 9048 (new)
krb5_principal_compare(context, princ, client))
return TRUE;
- if (krb5_db_get_principal(context, princ, 0, &ent))
+ if (krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_CLIENT, &ent))
return FALSE;
match = krb5_principal_compare(context, ent->princ, client);
krb5_db_free_principal(context, ent);