git.samba.org / amitay / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Revert "s4/heimdal: allow SPNs in AS-REQ"
[amitay/samba.git] / source4 / heimdal / kdc / kerberos5.c
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 12187dde4299de7c8ce5b7f3bafae39ee557354d..a3ba5fef0ee44ea52730cd49d48bd90fca4b1a02 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -762,9 +762,9 @@ kdc_check_flags(krb5_context context,
            return KRB5KDC_ERR_POLICY;
        }
 
-       if (!is_as_req && !client->flags.client){
+       if(!client->flags.client){
            kdc_log(context, config, 0,
-                   "Principal may only act as client in AS-REQ -- %s", client_name);
+                   "Principal may not act as client -- %s", client_name);
            return KRB5KDC_ERR_POLICY;
        }
 
@@ -1056,7 +1056,7 @@ _kdc_as_rep(krb5_context context,
      */
 
     ret = _kdc_db_fetch(context, config, client_princ,
-                       HDB_F_GET_ANY | flags, NULL,
+                       HDB_F_GET_CLIENT | flags, NULL,
                        &clientdb, &client);
     if(ret == HDB_ERR_NOT_FOUND_HERE) {
        kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
Amitay's Samba development tree