- markus@cvs.openbsd.org 2002/09/23 22:11:05

     [monitor.c]
     only call auth_krb5 if kerberos is enabled; ok deraadt@

2 files changed, 7 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index c31b577d6..18dbc784b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [canohost.c]
      change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
      non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
+   - markus@cvs.openbsd.org 2002/09/23 22:11:05
+     [monitor.c]
+     only call auth_krb5 if kerberos is enabled; ok deraadt@
 
 20020923
  - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
@@ -703,4 +706,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2477 2002/09/25 02:19:08 djm Exp $
+$Id: ChangeLog,v 1.2478 2002/09/25 02:19:39 djm Exp $
diff --git a/monitor.c b/monitor.c
index 69445ee25..69a51fc98 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.26 2002/09/09 14:54:15 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.27 2002/09/23 22:11:05 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -1299,7 +1299,8 @@ mm_answer_krb5(int socket, Buffer *m)
         tkt.data = buffer_get_string(m, &len);
         tkt.length = len;
 
-        success = auth_krb5(authctxt, &tkt, &client_user, &reply);
+        success = (options.kerberos_authentication == 1) &&
+            auth_krb5(authctxt, &tkt, &client_user, &reply);
 
         if (tkt.length)
                 xfree(tkt.data);