don't enable GSSEAP_CREDS hack unless using default identity

diff --git a/util_cred.c b/util_cred.c
index a2a01ba..3b06a53 100644 (file)
--- a/util_cred.c
+++ b/util_cred.c
@@ -200,6 +200,7 @@ gssEapAcquireCred(OM_uint32 *minor,
 
 #ifdef GSSEAP_DEBUG
     if (password == GSS_C_NO_BUFFER &&
+        (cred->flags & CRED_FLAG_DEFAULT_IDENTITY) &&
         (envPassword.value = getenv("GSSEAP_CREDS")) != NULL) {
         envPassword.length = strlen((char *)envPassword.value);
         major = duplicateBuffer(minor, &envPassword, &cred->password);