===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/passwd/Attic/krb5_passwd.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- src/usr.bin/passwd/Attic/krb5_passwd.c	2004/09/18 19:33:58	1.7
+++ src/usr.bin/passwd/Attic/krb5_passwd.c	2006/01/22 06:04:28	1.8
@@ -65,7 +65,13 @@
 	char pwbuf[BUFSIZ];
 	krb5_creds cred;
 	int result_code;
+	uid_t uid;
 
+	uid = getuid();
+	if (setresuid(uid, uid, uid)) {
+		errx(1, "can't drop privileges\n");
+	}
+
 	krb5_get_init_creds_opt_init (&opt);
 
 	krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
@@ -78,10 +84,13 @@
 
 	if (argv[0]) {
 		ret = krb5_parse_name(context, argv[0], &principal);
-	if (ret)
-		krb5_err(context, 1, ret, "krb5_parse_name");
-	} else
-		principal = NULL;
+		if (ret)
+			krb5_err(context, 1, ret, "krb5_parse_name");
+	} else {
+		ret = krb5_get_default_principal (context, &principal);
+		if (ret)
+			krb5_err (context, 1, ret, "krb5_get_default_principal");
+        }
 
 	ret = krb5_get_init_creds_password (context, &cred,
 	    principal, NULL, krb5_prompter_posix, NULL, 0,