data from the client was of an unknown type, and the principal does
not require preauth, then the preauth should be disregarded.
[krb5-kdc/652]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11130
dc483132-0cff-0310-8789-
dd5450dbe970
+1998-12-17 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * kdc_preauth.c (check_padata): If preauth fails because the
+ preauth data from the client was of an unknown type, and
+ the principal does not require preauth, then the preauth
+ should be disregarded. [krb5-kdc/652]
+
Mon Jan 4 23:50:45 1999 Tom Yu <tlyu@mit.edu>
* configure.in (withval): Conditinalize ATHENA_DES3_KLUDGE on
}
if (pa_ok)
return 0;
+
+ /* pa system was not found, but principal doesn't require preauth */
+ if (!pa_found &&
+ !isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) &&
+ !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH))
+ return 0;
+
if (!pa_found)
com_err("krb5kdc", retval, "no valid preauth type found");
return KRB5KDC_ERR_PREAUTH_FAILED;