kadm5_c_get_principal() should check the return code from kadm5_ret_principal_ent(). As it doesn't it assumes success when there is none and can lead to potential vulnerability. Fix this. Reported by: rtm@csail.mit.edu MFC after: 3 days