Avoid looping when preauth can't be generated
authorGreg Hudson <ghudson@mit.edu>
Fri, 11 Nov 2011 17:01:12 +0000 (17:01 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 11 Nov 2011 17:01:12 +0000 (17:01 +0000)
commitda7e5ac4cfb7fba11c849197a5bf1fa6e0cda37d
tree965469afc561830fccfef7bad98e7255ede7e904
parent6aff398f9eead4c619d20a55e0c72459b7e1ef51
Avoid looping when preauth can't be generated

If we receive a PREAUTH_REQUIRED error and fail to generate any real
preauthentication, error out immediately instead of continuing to
generate non-preauthenticated requests until we hit the loop count.

There is a lot of room to generate a more meaningful error about why
we failed to generate preauth (although in many cases the answer may
be too complicated to explain in an error message), but that requires
more radical restructuring of the preauth framework.

ticket: 6430
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25469 dc483132-0cff-0310-8789-dd5450dbe970
src/include/k5-int.h
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/init_creds_ctx.h
src/lib/krb5/krb/preauth2.c