* krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
authorRichard Basch <probe@mit.edu>
Sun, 21 Apr 1996 16:55:40 +0000 (16:55 +0000)
committerRichard Basch <probe@mit.edu>
Sun, 21 Apr 1996 16:55:40 +0000 (16:55 +0000)
defined, incorrect messages were being displayed for V4 clients.
Additionally, various errors were not being displayed with the
trailing newline.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7852 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/bsd/ChangeLog
src/appl/bsd/krshd.c

index 5258ed76ce08d70bdf7bda1b507fdd02079e9d39..944c04a9c152fbdbac0c8b25cdd989a0a024cc21 100644 (file)
@@ -1,3 +1,10 @@
+Sun Apr 21 12:52:35 1996  Richard Basch  <basch@lehman.com>
+
+       * krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
+       defined, incorrect messages were being displayed for V4 clients.
+       Additionally, various errors were not being displayed with the
+       trailing newline.
+
 Sun Apr 21 00:30:28 1996  Sam Hartman  <hartmans@mit.edu>
 
        * krshd.c krlogind.c: Implement -i.  Rewrite error message having
index 7445f3980d5ce5d28c2081ff89f9c08f5df4b017..c64f20381b2cfcef5e00f21d3cb7562b176435e9 100644 (file)
@@ -1000,7 +1000,9 @@ void doit(f, fromp)
                       "Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n",
                       kremuser, remuser, hostname, locuser);
            }
-           else auth_sent |= AUTH_KRB5;
+           else
+               auth_sent |=
+                   ((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
        }
 
        
@@ -1027,7 +1029,7 @@ void doit(f, fromp)
     if (checksum_required && !valid_checksum) {
        if (auth_sent & AUTH_KRB5) {
            syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
-           error( "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+           error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n");
            goto signout_please;
        } else {
            syslog(LOG_WARNING,
@@ -1035,12 +1037,15 @@ void doit(f, fromp)
        }
     }
     if (require_encrypt&&(!do_encrypt)) {
-           error("You must use encryption.");
-           goto signout_please;
+       error("You must use encryption.\n");
+       goto signout_please;
     }
     if (!(auth_ok&auth_sent)) {
-      error("Permission denied.");
-      goto signout_please;
+       if (auth_sent)
+           error("Another authentication mechanism must be used to access this host.\n");
+       else
+           error("Permission denied.\n");
+       goto signout_please;
     }
     
     if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {