svn rev #21725: trunk/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Mon Jan 12 14:43:08 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21725
Commit By: hartmans
Log Message:
Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from
preauth methods.
This creates a problem for Windows clients, but not doing it creates a problem for MIT clients.
Today our KDC is more likely to be used with MIT clients, but we need to examine this issues in more detail.
Changed Files:
U trunk/src/kdc/kdc_preauth.c
Modified: trunk/src/kdc/kdc_preauth.c
===================================================================
--- trunk/src/kdc/kdc_preauth.c 2009-01-12 19:40:37 UTC (rev 21724)
+++ trunk/src/kdc/kdc_preauth.c 2009-01-12 19:43:07 UTC (rev 21725)
@@ -1156,6 +1156,7 @@
*/
switch(retval) {
case 0: /* in case of PA-PAC-REQUEST with no PA-ENC-TIMESTAMP */
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
case KRB5KRB_AP_ERR_SKEW:
case KRB5KDC_ERR_ETYPE_NOSUPP:
/* rfc 4556 */
@@ -1179,7 +1180,6 @@
/* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
/* case KRB5KDC_ERR_KEY_TOO_WEAK: */
return retval;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
default:
return KRB5KDC_ERR_PREAUTH_FAILED;
}
More information about the cvs-krb5
mailing list