From be974ccede7b6d3d523784a2dac9773a3c97af1d Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 27 Jan 1999 05:22:07 +0000 Subject: [PATCH] kdc_preauth.c (check_padata): If preauth fails because the preauth data from the client was of an unknown type, and the principal does not require preauth, then the preauth should be disregarded. [krb5-kdc/652] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11130 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/ChangeLog | 7 +++++++ src/kdc/kdc_preauth.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 861585654..d593227df 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,10 @@ +1998-12-17 Theodore Ts'o + + * kdc_preauth.c (check_padata): If preauth fails because the + preauth data from the client was of an unknown type, and + the principal does not require preauth, then the preauth + should be disregarded. [krb5-kdc/652] + Mon Jan 4 23:50:45 1999 Tom Yu * configure.in (withval): Conditinalize ATHENA_DES3_KLUDGE on diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 0324694a2..d1b1b3637 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -301,6 +301,13 @@ check_padata (context, client, request, enc_tkt_reply) } if (pa_ok) return 0; + + /* pa system was not found, but principal doesn't require preauth */ + if (!pa_found && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH)) + return 0; + if (!pa_found) com_err("krb5kdc", retval, "no valid preauth type found"); return KRB5KDC_ERR_PREAUTH_FAILED; -- 2.26.2