#
# This change allows for case insenstive comparisons of principals in the keytab
# file.  This is necessary in order to interoperate with old Windows clients
# that use upper case host name components in service principals.
#
# Original BugID is:
# 15592543 SUNBT6885980 Need case-insensitive keytab lookups for MS interop
#
# Note: In the future, the depedent code (SMB), should construct an acceptor
# name that does not contain the host name component in order perform keytab.
# Refer to the 1.10 feature here:
# 	http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
# Patch source: in-house
#
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -329,7 +329,21 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
         /* if the principal isn't the one requested, free new_entry
            and continue to the next. */
 
-        if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+	/*
+	 * Solaris Kerberos: MS Interop requires that case insensitive
+	 * comparisons of service and host components are performed for key
+	 * table lookup, etc. Only called if the private environment variable
+	 * MS_INTEROP is defined.
+	 */
+	if (getenv("MS_INTEROP")) {
+	    if (!krb5_principal_compare_flags(context, principal,
+					      new_entry.principal,
+					KRB5_PRINCIPAL_COMPARE_CASEFOLD)) {
+		krb5_kt_free_entry(context, &new_entry);
+		continue;
+	    }
+	} else if (!krb5_principal_compare(context, principal,
+					   new_entry.principal)) {
             krb5_kt_free_entry(context, &new_entry);
             continue;
         }