From: Sam Hartman Date: Thu, 7 Jan 2010 18:32:15 +0000 (+0000) Subject: Always treat anonymous as preauth required X-Git-Tag: krb5-1.9-beta1~398 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7f6947ecb4c919e7970337e7bfccae053e19b0b4;p=krb5.git Always treat anonymous as preauth required Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication. The anonymous draft depends on a pre-auth exchange to invoke pkinit. ticket: 6623 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23603 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 55493ba77..83d3101b6 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -407,6 +407,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } enc_tkt_reply.client = request->client; + setflag(client.attributes, KRB5_KDB_REQUIRES_PRE_AUTH); } /* * Check the preauthentication if it is there.