+Sun Apr 21 12:52:35 1996 Richard Basch <basch@lehman.com>
+
+ * krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
+ defined, incorrect messages were being displayed for V4 clients.
+ Additionally, various errors were not being displayed with the
+ trailing newline.
+
Sun Apr 21 00:30:28 1996 Sam Hartman <hartmans@mit.edu>
* krshd.c krlogind.c: Implement -i. Rewrite error message having
"Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n",
kremuser, remuser, hostname, locuser);
}
- else auth_sent |= AUTH_KRB5;
+ else
+ auth_sent |=
+ ((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
}
if (checksum_required && !valid_checksum) {
if (auth_sent & AUTH_KRB5) {
syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
- error( "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+ error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n");
goto signout_please;
} else {
syslog(LOG_WARNING,
}
}
if (require_encrypt&&(!do_encrypt)) {
- error("You must use encryption.");
- goto signout_please;
+ error("You must use encryption.\n");
+ goto signout_please;
}
if (!(auth_ok&auth_sent)) {
- error("Permission denied.");
- goto signout_please;
+ if (auth_sent)
+ error("Another authentication mechanism must be used to access this host.\n");
+ else
+ error("Permission denied.\n");
+ goto signout_please;
}
if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {