From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 20 Apr 2010 08:02:40 +0000 (+0000)
Subject: In the krb5 GSSAPI mech, adjust the error code expected from
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b990d132764e91c97402b1070b830473fcf2a1b;p=thirdparty%2Fkrb5.git

In the krb5 GSSAPI mech, adjust the error code expected from
krb5_get_credentials() when there is no TGT in the ccache, in light of
r23909.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23911 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 5c989bd3ae..ea0dc9db91 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -201,11 +201,13 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     code = krb5_get_credentials(context, flags, cred->ccache,
                                 &in_creds, out_creds);
-    if (code == KRB5_NO_TKT_IN_RLM && cred->password.data != NULL) {
+    if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL &&
+        !cred->iakerb_mech) {
         krb5_creds tgt_creds;
 
         memset(&tgt_creds, 0, sizeof(tgt_creds));
 
+        /* No TGT in the ccache, but we can get one with the password. */
         code = krb5_get_init_creds_password(context, &tgt_creds,
                                             in_creds.client,
                                             cred->password.data,