krb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal

We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 72889fffcf0a7db44a5886bf3ae5f6bd4ad34126..55c17d481f4d5518713239380920d533ef73063e 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2114,14 +2114,12 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
                return code;
        }
 
-#ifndef SAMBA4_USES_HEIMDAL /* MIT */
        /*
         * We need to store the principal as returned from the KDC to the
         * credentials cache. If we don't do that the KRB5 library is not
         * able to find the tickets it is looking for
         */
        principal = my_creds.client;
-#endif
        code = krb5_cc_initialize(ctx, cc, principal);
        if (code) {
                goto done;