diff options
-rw-r--r-- | src/kdc/ChangeLog | 4 | ||||
-rw-r--r-- | src/kdc/kdc_util.c | 9 |
2 files changed, 7 insertions, 6 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 04af11ea7..ed48e562b 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,7 @@ +2004-02-06 Sam Hartman <hartmans@avalanche-breakdown.mit.edu> + + * kdc_util.c: Ignore unknown TGS options + 2004-01-05 Sam Hartman <hartmans@mit.edu> * kerberos_v4.c (kerberos_v4): Only backdate the rquest in the diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index f0baf474f..4e2b26d42 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1113,13 +1113,10 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, int st_idx = 0; /* - * If an illegal option is set, complain. + * If an illegal option is set, ignore it. */ - if (request->kdc_options & ~(TGS_OPTIONS_HANDLED)) { - *status = "INVALID TGS OPTIONS"; - return KDC_ERR_BADOPTION; - } - + request->kdc_options &= ~(TGS_OPTIONS_HANDLED); + /* Check to see if server has expired */ if (server.expiration && server.expiration < kdc_time) { *status = "SERVICE EXPIRED"; |