svn rev #21555: branches/mskrb-integ/src/kdc/

[lhoward@MIT.EDU]

http://src.mit.edu/fisheye/changelog/krb5/?cs=21555
Commit By: lhoward
Log Message:
OK, back out r21552, we should never return referrals if canonicalize
flag was unset. If the backend wants to violate this it should do it
itself.



Changed Files:
U   branches/mskrb-integ/src/kdc/do_tgs_req.c
Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c
===================================================================
--- branches/mskrb-integ/src/kdc/do_tgs_req.c	2008-12-20 01:51:19 UTC (rev 21554)
+++ branches/mskrb-integ/src/kdc/do_tgs_req.c	2008-12-20 02:11:58 UTC (rev 21555)
@@ -195,18 +195,9 @@
     nprincs = 1;
     if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
 	setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
+	setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
     }
 
-    /*
-     * TGS-REP canonicalization matches Windows 2003 rather
-     * than Windows 2000. This means that we should indicate
-     * to the backend to always return referrals by setting
-     * KDB_FLAG_CANONICALIZE, and we should also always
-     * return the requested SPN in the reply regardless of
-     * whether KDC_OPT_CANONICALIZE was set or not.
-     */
-    setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
-
     errcode = krb5_db_get_principal_ext(kdc_context,
 					request->server,
 					s_flags,