krb5_child: Initialize REALM earlier
Environment variable SSSD_KRB5_REALM was used to late for initialisation
realm. and therefore default value NULL was used.
The SSSD_KRB5_REALM (kr->realm) was used as fast_principal_realm for checking
fast cache: privileged_krb5_setup -> k5c_setup_fast -> check_fast_ccache
And therefore wrong principal was used when the option krb5_fast_principal is
empty.
[find_principal_in_keytab] (0x4000): Trying to find principal (null)@(null) in keytab.
[match_principal] (0x1000): Principal matched to the sample ((null)@(null)).
[get_tgt_times] (0x1000): FAST ccache must be recreated
[get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
[get_tgt_times] (0x0020): 1688: [-1765328243][Matching credential not found]
[check_fast_ccache] (0x0040): Valid FAST TGT not found after attempting to renew it
[k5c_setup_fast] (0x0020): check_fast_ccache failed.
[k5c_setup_fast] (0x0020): 1956: [1432158213][Unknown code UUz 5]
[privileged_krb5_setup] (0x0040): Cannot set up FAST
[main] (0x0020): privileged_krb5_setup failed.
[main] (0x0020): krb5_child failed!
As a result of this user was not able to authenticate.
Resolves:
https://fedorahosted.org/sssd/ticket/2526
Reviewed-by: Sumit Bose <sbose@redhat.com>