preauth methods.
This creates a problem for Windows clients, but not doing it creates a problem for MIT clients.
Today our KDC is more likely to be used with MIT clients, but we need to examine this issues in more detail.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21725
dc483132-0cff-0310-8789-
dd5450dbe970
*/
switch(retval) {
case 0: /* in case of PA-PAC-REQUEST with no PA-ENC-TIMESTAMP */
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
case KRB5KRB_AP_ERR_SKEW:
case KRB5KDC_ERR_ETYPE_NOSUPP:
/* rfc 4556 */
/* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
/* case KRB5KDC_ERR_KEY_TOO_WEAK: */
return retval;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
default:
return KRB5KDC_ERR_PREAUTH_FAILED;
}