From c48565831ee3714ee816d5aa9e083ea3fcff403d Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 12 Jan 2009 19:43:07 +0000 Subject: [PATCH] Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from preauth methods. This creates a problem for Windows clients, but not doing it creates a problem for MIT clients. Today our KDC is more likely to be used with MIT clients, but we need to examine this issues in more detail. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21725 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/kdc_preauth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 8ea296940..6ec156440 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1156,6 +1156,7 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, */ switch(retval) { case 0: /* in case of PA-PAC-REQUEST with no PA-ENC-TIMESTAMP */ + case KRB5KRB_AP_ERR_BAD_INTEGRITY: case KRB5KRB_AP_ERR_SKEW: case KRB5KDC_ERR_ETYPE_NOSUPP: /* rfc 4556 */ @@ -1179,7 +1180,6 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */ /* case KRB5KDC_ERR_KEY_TOO_WEAK: */ return retval; - case KRB5KRB_AP_ERR_BAD_INTEGRITY: default: return KRB5KDC_ERR_PREAUTH_FAILED; } -- 2.26.2