- markus@cvs.openbsd.org 2002/09/24 08:46:04

     [monitor.c]
     only call kerberos code for authctxt->valid

2 files changed, 7 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 18dbc784b..f6aa78cee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
    - markus@cvs.openbsd.org 2002/09/23 22:11:05
      [monitor.c]
      only call auth_krb5 if kerberos is enabled; ok deraadt@
+   - markus@cvs.openbsd.org 2002/09/24 08:46:04
+     [monitor.c]
+     only call kerberos code for authctxt->valid
 
 20020923
  - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
@@ -706,4 +709,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2478 2002/09/25 02:19:39 djm Exp $
+$Id: ChangeLog,v 1.2479 2002/09/25 02:20:17 djm Exp $
diff --git a/monitor.c b/monitor.c
index 69a51fc98..e07e97eac 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.27 2002/09/23 22:11:05 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -1299,7 +1299,8 @@ mm_answer_krb5(int socket, Buffer *m)
         tkt.data = buffer_get_string(m, &len);
         tkt.length = len;
 
-        success = (options.kerberos_authentication == 1) &&
+        success = options.kerberos_authentication &&
+            authctxt->valid &&
             auth_krb5(authctxt, &tkt, &client_user, &reply);
 
         if (tkt.length)