Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from

preauth methods.
This creates a problem for Windows clients, but not doing it creates a problem for MIT clients.
Today our KDC is more likely to be used with MIT clients, but we need to examine this issues in more detail.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21725 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 1 insertions, 1 deletions

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 8ea296940..6ec156440 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1156,6 +1156,7 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
      */
     switch(retval) {
     case 0: /* in case of PA-PAC-REQUEST with no PA-ENC-TIMESTAMP */
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
     case KRB5KRB_AP_ERR_SKEW:
     case KRB5KDC_ERR_ETYPE_NOSUPP:
     /* rfc 4556 */
@@ -1179,7 +1180,6 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
     /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
     /* case KRB5KDC_ERR_KEY_TOO_WEAK: */
 	return retval;
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
     default:
 	return KRB5KDC_ERR_PREAUTH_FAILED;
     }