lorikeet-heimdal: Netbios Domain as Realm HACK...

This is really a ugly hack, to support using the Netbios Domain Name
as realm against windows KDC's, they always return the full realm
based on the DNS Name.

metze

diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c
index 398a6ad4aff287c42c131bbb31d4207b541f336e..cc49e16030cbb4f78d50770dcba47dceb615ff3e 100644 (file)
--- a/lib/krb5/get_in_tkt.c
+++ b/lib/krb5/get_in_tkt.c
@@ -384,7 +384,16 @@ _krb5_extract_ticket(krb5_context context,
        goto out;
     }
 
-    /* compare client and save */
+    /*
+     * HACK:
+     * this is really a ugly hack, to support using the Netbios Domain Name
+     * as realm against windows KDC's, they always return the full realm
+     * based on the DNS Name.
+     */
+    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+    flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
+
+   /* compare client and save */
     ret = _krb5_principalname2krb5_principal (context,
                                              &tmp_principal,
                                              rep->kdc_rep.cname,