Allow the KDC to return bad integrity errors to the client on preauth

author Sam Hartman <hartmans@mit.edu>

Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)

committer Sam Hartman <hartmans@mit.edu>

Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)
author Sam Hartman <hartmans@mit.edu>
Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)
committer Sam Hartman <hartmans@mit.edu>
Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog

index 64fbb48441df96a71963d2d3590130ea2e6af9b3..e4cbd7330688f4b1e4d284bc2aef15e735c40e0e 100644 (file)
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,7 @@
+2003-05-14  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (check_padata): Allow bad_integrity to be returned to a client
+
  2003-05-08  Sam Hartman  <hartmans@mit.edu>
  
         * kdc_preauth.c (return_pw_salt): Don't return pw-salt if the
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c

index 31e6f470578eb5ab1208425a0e4954d9d19f4ee9..963a25b7b20b5cdc7804255c9af6fe823a305489 100644 (file)
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -384,6 +384,7 @@ check_padata (krb5_context context, krb5_db_entry *client,
   * to return some preauth system errors back to the client.
   */
          switch(retval) {
+       case KRB5KRB_AP_ERR_BAD_INTEGRITY:
      case KRB5KRB_AP_ERR_SKEW:
         return retval;
      default:
author	Sam Hartman <hartmans@mit.edu>
	Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)
committer	Sam Hartman <hartmans@mit.edu>
	Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)
src/kdc/ChangeLog		patch \| blob \| history
src/kdc/kdc_preauth.c		patch \| blob \| history