diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/kdc/ChangeLog | 4 | ||||
-rw-r--r-- | src/kdc/kdc_preauth.c | 10 |
2 files changed, 13 insertions, 1 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 498a1efa19..22be4d31b5 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,7 @@ +2003-01-21 Sam Hartman <hartmans@mit.edu> + + * kdc_preauth.c (check_padata): Permit returning KRB5KRB_AP_ERR_SKEW + 2003-01-12 Ezra Peisach <epeisach@bu.edu> * kdc_util.h, replay.c, main.c: Pass global krb5_context to diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 7c0c3f24f0..1087e76c0a 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -358,7 +358,15 @@ check_padata (krb5_context context, krb5_db_entry *client, if (!pa_found) krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", error_message (retval)); - return KRB5KDC_ERR_PREAUTH_FAILED; +/* The following switch statement allows us + * to return some preauth system errors back to the client. + */ + switch(retval) { + case KRB5KRB_AP_ERR_SKEW: + return retval; + default: + return KRB5KDC_ERR_PREAUTH_FAILED; + } } /* |