PAC_CLIENT_INFO principal names do not contain a realm, so parse them
authorGreg Hudson <ghudson@mit.edu>
Mon, 25 Jul 2011 17:54:43 +0000 (17:54 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 25 Jul 2011 17:54:43 +0000 (17:54 +0000)
with the KRB5_PRINCIPAL_PARSE_NO_REALM flag.  Otherwise we'll wind up
using the default realm (and then ignoring it) which fails if one
isn't configured.

ticket: 6934

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25050 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/pac.c

index 7d28c2bc85e2d0982d259abed2243fdf0e0eb2e5..0864d701cc0c86618bce5499282b75f673fe3f2c 100644 (file)
@@ -451,7 +451,8 @@ k5_pac_validate_client(krb5_context context,
     if (ret != 0)
         return ret;
 
-    ret = krb5_parse_name_flags(context, pac_princname, 0, &pac_principal);
+    ret = krb5_parse_name_flags(context, pac_princname,
+                                KRB5_PRINCIPAL_PARSE_NO_REALM, &pac_principal);
     if (ret != 0) {
         free(pac_princname);
         return ret;