mit_samba: Allow to use SPNs for AS-REQ

author Andreas Schneider <asn@samba.org>

Tue, 26 Apr 2016 14:37:29 +0000 (16:37 +0200)

committer Alexander Bokovoy <ab@samba.org>

Thu, 2 Jun 2016 14:35:35 +0000 (16:35 +0200)
author Andreas Schneider <asn@samba.org>
Tue, 26 Apr 2016 14:37:29 +0000 (16:37 +0200)
committer Alexander Bokovoy <ab@samba.org>
Thu, 2 Jun 2016 14:35:35 +0000 (16:35 +0200)
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c

index bfcbbc3e06876ebcad13ef79f9b326c53955e165..69cddac37e768b841560402e1cfeb74e47d9082b 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -199,8 +199,11 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
                 /*
                  * KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is equal to
                  * SDB_F_FOR_AS_REQ
+                *
+                * We use ANY to also allow AS_REQ for service principal names
+                * This is supported by Windows.
                  */
-               sflags |= SDB_F_GET_CLIENT|SDB_F_FOR_AS_REQ;
+               sflags |= SDB_F_GET_ANY|SDB_F_FOR_AS_REQ;
         } else if (ks_is_tgs_principal(ctx, principal)) {
                 sflags |= SDB_F_GET_KRBTGT;
         } else {
author	Andreas Schneider <asn@samba.org>
	Tue, 26 Apr 2016 14:37:29 +0000 (16:37 +0200)
committer	Alexander Bokovoy <ab@samba.org>
	Thu, 2 Jun 2016 14:35:35 +0000 (16:35 +0200)