r14512: Guenther, This code breaks winbind with MIT krb1.3.

I'm disabling it for now until we have en effective
means of dealing with the ticket request flags for users
and computers.
(This used to be commit 635f0c9c01c2e389ca916e9004e9ea064bf69cbb)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c82310dd08429faeca510b49a455568c39fcbda1..17e350d7548f44122edc4fcad1383f5f6ed725e6 100644 (file)
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -72,7 +72,9 @@ int kerberos_kinit_password(const char *principal,
        krb5_ccache cc = NULL;
        krb5_principal me;
        krb5_creds my_creds;
+#if 0
        krb5_get_init_creds_opt opt;
+#endif
 
        initialize_krb5_error_table();
        if ((code = krb5_init_context(&ctx)))
@@ -95,9 +97,12 @@ int kerberos_kinit_password(const char *principal,
                return code;
        }
 
+#if 0  /* This code causes problems with MIT krb5 1.3 when asking for a 
+          TGT for the machine account */
        krb5_get_init_creds_opt_init(&opt);
        krb5_get_init_creds_opt_set_renew_life(&opt, renewable_time);
        krb5_get_init_creds_opt_set_forwardable(&opt, 1);
+#endif
        
        if (request_pac) {
 #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
@@ -105,9 +110,14 @@ int kerberos_kinit_password(const char *principal,
 #endif
        }
 
+#if 0
        if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), 
-                                                kerb_prompter, 
-                                                NULL, 0, NULL, &opt))) {
+                                                kerb_prompter, NULL, 0, NULL, &opt)))
+#else
+       if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), 
+                                                kerb_prompter, NULL, 0, NULL, NULL))) 
+#endif
+       {
                krb5_free_principal(ctx, me);
                krb5_free_context(ctx);         
                return code;