Bug 180718

+++ This bug was initially created as a clone of Bug #180671 +++

Description of problem:

The krb5 client library returns an unexpected error when a lookup fails:

$ ./ldap_krb5
DEBUG realm REDHAT.COM
DEBUG in_tkt: krbtgt/REDHAT.COM@REDHAT.COM
CRIT lookup(ldap): krb5_get_init_creds_keytab failed with Cannot find KDC for
requested realm.

When adding the following to the krb5.conf, the error message changes:

  master_kdc = kerberos.corp.redhat.com

The error returned is now this:

$ ./ldap_krb5
DEBUG realm REDHAT.COM
DEBUG in_tkt: krbtgt/REDHAT.COM@REDHAT.COM
CRIT lookup(ldap): krb5_get_init_creds_keytab failed with Client not found in
Kerberos database.

Version-Release number of selected component (if applicable):
krb5-devel-1.3.4-9

How reproducible:
100%

Steps to Reproduce:
Install the following krb5.conf:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = REDHAT.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

 REDHAT.COM = {
  kdc = kerberos.boston.redhat.com:88
  admin_server = kerberos.corp.redhat.com:749
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
 .redhat.com = REDHAT.COM
 redhat.com = REDHAT.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Then, try to lookup a principal that doesn't exist, such as
host/segfault.boston.redhat.com@REDHAT.COM.  This can be reproduced by issuing
the following command on segfault:

$ kinit -k

If the following is specified, in the krb5.conf, then the "correct" error is
returned:

  master_kdc = kerberos.corp.redhat.com

$ kinit -k
kinit(v5): Client not found in Kerberos database while getting initial credentials