r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.

r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.

The reason is long and complex, but is due to forwardable tickets:

We would extract the forwardable ticket from the GSSAPI payload, and
look for the expiry time of the ticket for krbtgt/REALM@REALM.

However, with -r 19662 the ticket is given to the client as being for
krbtgt/realm@REALM, as it asked for a lower case realm.  Heimdal is
case sensitive for realms, and bails out.  (It should just not store
the forwarded ticket).

We need to co-ordinate changes in the KDC with relaxation of checks in
Heimdal, and a better kerberos behaviour testsuite.

Andrew Bartlett
(This used to be commit be4c1a36b0e31cbb680d55e8d933818dc3c7435b)