2004-01-30 Jeffrey Altman <jaltman@mit.edu>

2004-01-30  Jeffrey Altman <jaltman@mit.edu>

   * cc_mslsa.c: As per extensive conversations with Doug Engert we have
     concluded that MS is not specifying a complete set of domain information
     when it comes to service tickets other than the initial TGT.  What happens
     is the client principal domain cannot be derived from the fields they
     export.  Code has now been added to obtain the domain from the initial
     TGT and use that when constructing the client principals for all tickets.

     This behavior can be turned off by setting a registry either on a per-user
     or a system-wide basis:

        {HKCU,HKLM}\Software\MIT\Kerberos5
            PreserveInitialTicketIdentity = 0x0 (DWORD)

ticket: 2139
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970