From: Richard Basch <probe@mit.edu>
Date: Sun, 21 Apr 1996 16:55:40 +0000 (+0000)
Subject: 	* krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
X-Git-Tag: krb5-1.0-beta6~186
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9eada0d3f0b3773fb2dd2f221d9a12ec8c550cb6;p=krb5.git

	* krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
	defined, incorrect messages were being displayed for V4 clients.
	Additionally, various errors were not being displayed with the
	trailing newline.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7852 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 5258ed76c..944c04a9c 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,10 @@
+Sun Apr 21 12:52:35 1996  Richard Basch  <basch@lehman.com>
+
+	* krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
+	defined, incorrect messages were being displayed for V4 clients.
+	Additionally, various errors were not being displayed with the
+	trailing newline.
+
 Sun Apr 21 00:30:28 1996  Sam Hartman  <hartmans@mit.edu>
 
 	* krshd.c krlogind.c: Implement -i.  Rewrite error message having
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 7445f3980..c64f20381 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1000,7 +1000,9 @@ void doit(f, fromp)
 		       "Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n",
 		       kremuser, remuser, hostname, locuser);
 	    }
-	    else auth_sent |= AUTH_KRB5;
+	    else
+		auth_sent |=
+		    ((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5);
 	}
 
 	
@@ -1027,7 +1029,7 @@ void doit(f, fromp)
     if (checksum_required && !valid_checksum) {
 	if (auth_sent & AUTH_KRB5) {
 	    syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
-	    error( "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+	    error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n");
 	    goto signout_please;
 	} else {
 	    syslog(LOG_WARNING,
@@ -1035,12 +1037,15 @@ void doit(f, fromp)
 	}
     }
     if (require_encrypt&&(!do_encrypt)) {
-	    error("You must use encryption.");
-	    goto signout_please;
+	error("You must use encryption.\n");
+	goto signout_please;
     }
     if (!(auth_ok&auth_sent)) {
-      error("Permission denied.");
-      goto signout_please;
+	if (auth_sent)
+	    error("Another authentication mechanism must be used to access this host.\n");
+	else
+	    error("Permission denied.\n");
+	goto signout_please;
     }
     
     if (pwd->pw_uid && !access("/etc/nologin", F_OK)) {