From 68e3f0d96ac404a2abdcc4f975b4d9ce088b0eca Mon Sep 17 00:00:00 2001
From: "John E. Rollinson" <j.e.rollinson@gmail.com>
Date: Sun, 29 Jan 2017 09:39:40 +0900
Subject: [PATCH] Ensure TGS req does not stomp out AP data

---
 scripts/base/protocols/krb/main.bro | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro
index 13200a559e..fc6abc5bff 100644
--- a/scripts/base/protocols/krb/main.bro
+++ b/scripts/base/protocols/krb/main.bro
@@ -164,9 +164,16 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
 		return;
 
 	local info: Info;
-	info$ts  = network_time();
-	info$uid = c$uid;
-	info$id  = c$id;
+
+	if ( !c?$krb )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+	else
+		info = c$krb;
+
 	info$request_type = "TGS";
 	info$service = msg$service_name;
 	if ( msg?$from ) info$from = msg$from;