diff options
Diffstat (limited to 'src/kdc/kdc_preauth.c')
-rw-r--r-- | src/kdc/kdc_preauth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 0324694a2e..d1b1b36376 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -301,6 +301,13 @@ check_padata (context, client, request, enc_tkt_reply) } if (pa_ok) return 0; + + /* pa system was not found, but principal doesn't require preauth */ + if (!pa_found && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH)) + return 0; + if (!pa_found) com_err("krb5kdc", retval, "no valid preauth type found"); return KRB5KDC_ERR_PREAUTH_FAILED; |