summaryrefslogtreecommitdiff
path: root/auth-krb4.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-08-18 13:59:06 +1000
committerDamien Miller <djm@mindrot.org>2000-08-18 13:59:06 +1000
commit942da039d2a05e6f491883f50b516175a6dbb20f (patch)
tree0ac91ba19e494a3cb054d34db0c3b65660bd7375 /auth-krb4.c
parent11fa2cc3839b1e7fed1d85aa1158cce4d498bc58 (diff)
- (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
Diffstat (limited to 'auth-krb4.c')
-rw-r--r--auth-krb4.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/auth-krb4.c b/auth-krb4.c
index e32089b7..ae2b2a3d 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -9,7 +9,7 @@
#include "ssh.h"
#include "servconf.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.15 2000/06/22 23:54:59 djm Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.16 2000/08/02 17:27:04 provos Exp $");
#ifdef KRB4
char *ticket = NULL;
@@ -82,11 +82,12 @@ auth_krb4_password(struct passwd * pw, const char *password)
if (r == RD_AP_UNDEC) {
/*
* Probably didn't have a srvtab on
- * localhost. Allow login.
+ * localhost. Disallow login.
*/
log("Kerberos V4 TGT for %s unverifiable, "
"no srvtab installed? krb_rd_req: %s",
pw->pw_name, krb_err_txt[r]);
+ goto kerberos_auth_failure;
} else if (r != KSUCCESS) {
log("Kerberos V4 %s ticket unverifiable: %s",
KRB4_SERVICE_NAME, krb_err_txt[r]);
@@ -94,12 +95,13 @@ auth_krb4_password(struct passwd * pw, const char *password)
}
} else if (r == KDC_PR_UNKNOWN) {
/*
- * Allow login if no rcmd service exists, but
+ * Disallow login if no rcmd service exists, and
* log the error.
*/
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s "
"not registered, or srvtab is wrong?", pw->pw_name,
krb_err_txt[r], KRB4_SERVICE_NAME, phost);
+ goto kerberos_auth_failure;
} else {
/*
* TGT is bad, forget it. Possibly spoofed!