summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/kdc/kdc_preauth_ec.c7
-rw-r--r--src/kdc/kdc_preauth_encts.c6
2 files changed, 11 insertions, 2 deletions
diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
index 7acd99a24..720fefa43 100644
--- a/src/kdc/kdc_preauth_ec.c
+++ b/src/kdc/kdc_preauth_ec.c
@@ -40,7 +40,12 @@ ec_edata(krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
{
krb5_keyblock *armor_key = cb->fast_armor(context, rock);
- (*respond)(arg, (armor_key == NULL) ? ENOENT : 0, NULL);
+
+ /* Encrypted challenge only works with FAST, and requires a client key. */
+ if (armor_key == NULL || !cb->have_client_keys(context, rock))
+ (*respond)(arg, ENOENT, NULL);
+ else
+ (*respond)(arg, 0, NULL);
}
static void
diff --git a/src/kdc/kdc_preauth_encts.c b/src/kdc/kdc_preauth_encts.c
index 83c6bf1a2..65f7c3629 100644
--- a/src/kdc/kdc_preauth_encts.c
+++ b/src/kdc/kdc_preauth_encts.c
@@ -36,7 +36,11 @@ enc_ts_get(krb5_context context, krb5_kdc_req *request,
{
krb5_keyblock *armor_key = cb->fast_armor(context, rock);
- (*respond)(arg, (armor_key != NULL) ? ENOENT : 0, NULL);
+ /* Encrypted timestamp must not be used with FAST, and requires a key. */
+ if (armor_key != NULL || !cb->have_client_keys(context, rock))
+ (*respond)(arg, ENOENT, NULL);
+ else
+ (*respond)(arg, 0, NULL);
}
static void
generated by cgit (git 2.34.1) at 2025-09-24 21:12:32 +0000