gss_krb5_import_cred fails for Samba

[Greg Hudson]

On Fri, 2011-07-22 at 20:14 -0400, Andrew Bartlett wrote:
> This case is where the principal is specified, and the incoming GSSAPI
> request has the same key and knvo, but a different server name?

Contrary to what Luke says, I would expect this to work out of the box
in krb5 1.9.  If you look at the logic of
krb5_rd_req_decrypt_tkt_part() in rd_req_dec.c, you'll see that if
server != NULL, we look up server in the keytab and ignore
req->ticket->server.

So, if that's not happening, we'll need further debugging to figure out
why not.