2 files changed, 11 insertions, 3 deletions

diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index 2c7c36b63..21fa61c27 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,8 @@
+Thu Apr 18 16:33:42 1996  Sam Hartman  <hartmans@mit.edu>
+
+	* state.c (suboption): Don't accept authentication suboptions after authentication negotiation complete. 
+	(envvarok):  exclude KRB5_KTNAME and KRB5CCNAME
+
 Tue Apr 16 12:23:02 1996  Sam Hartman  <hartmans@mit.edu>
 
 	* configure.in : Treat HPUX as if it doesn't have streams.
diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c
index 0f19371ce..2faed7198 100644
--- a/src/appl/telnet/telnetd/state.c
+++ b/src/appl/telnet/telnetd/state.c
@@ -1476,10 +1476,12 @@ sb_auth_complete();
 		 */
 		break;
 	case TELQUAL_IS:
-		auth_is(subpointer, SB_LEN());
+	  if (!auth_negotiated)
+  auth_is(subpointer, SB_LEN());
 		break;
 	case TELQUAL_NAME:
-		auth_name(subpointer, SB_LEN());
+	  if (!auth_negotiated)
+  auth_name(subpointer, SB_LEN());
 		break;
 	}
 	break;
@@ -1640,11 +1642,12 @@ send_status()
 }
 
 static int envvarok(varp)
-char *varp;
+  char *varp;
 {
     if (!strncmp(varp, "LD_", 3) || !strncmp(varp, "_RLD_", 5) ||
 	!strncmp(varp, "ELF_LD_", 7) || !strncmp(varp, "AOUT_LD_", 8) ||
         !strcmp(varp, "LIBPATH") || !strcmp(varp, "IFS") ||
+!strcmp(varp, "KRB5_KTNAME")|| !strcmp(varp, "KRB5CCNAME")||
 	strchr(varp, '='))
     {
 	syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp);