diff options
author | Damien Miller <djm@mindrot.org> | 2000-08-18 13:59:06 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-08-18 13:59:06 +1000 |
commit | 942da039d2a05e6f491883f50b516175a6dbb20f (patch) | |
tree | 0ac91ba19e494a3cb054d34db0c3b65660bd7375 /auth-krb4.c | |
parent | 11fa2cc3839b1e7fed1d85aa1158cce4d498bc58 (diff) |
- (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org 2000/07/22 03:14:37
[servconf.c servconf.h sshd.8 sshd.c sshd_config]
random early drop; ok theo, niels
- deraadt@cvs.openbsd.org 2000/07/26 11:46:51
[ssh.1]
typo
- deraadt@cvs.openbsd.org 2000/08/01 11:46:11
[sshd.8]
many fixes from pepper@mail.reppep.com
- provos@cvs.openbsd.org 2000/08/01 13:01:42
[Makefile.in util.c aux.c]
rename aux.c to util.c to help with cygwin port
- deraadt@cvs.openbsd.org 2000/08/02 00:23:31
[authfd.c]
correct sun_len; Alexander@Leidinger.net
- provos@cvs.openbsd.org 2000/08/02 10:27:17
[readconf.c sshd.8]
disable kerberos authentication by default
- provos@cvs.openbsd.org 2000/08/02 11:27:05
[sshd.8 readconf.c auth-krb4.c]
disallow kerberos authentication if we can't verify the TGT; from
dugsong@
kerberos authentication is on by default only if you have a srvtab.
- markus@cvs.openbsd.org 2000/08/04 14:30:07
[auth.c]
unused
- markus@cvs.openbsd.org 2000/08/04 14:30:35
[sshd_config]
MaxStartups
- markus@cvs.openbsd.org 2000/08/15 13:20:46
[authfd.c]
cleanup; ok niels@
- markus@cvs.openbsd.org 2000/08/17 14:05:10
[session.c]
cleanup login(1)-like jobs, no duplicate utmp entries
- markus@cvs.openbsd.org 2000/08/17 14:06:34
[session.c sshd.8 sshd.c]
sshd -u len, similar to telnetd
Diffstat (limited to 'auth-krb4.c')
-rw-r--r-- | auth-krb4.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/auth-krb4.c b/auth-krb4.c index e32089b74..ae2b2a3d8 100644 --- a/auth-krb4.c +++ b/auth-krb4.c | |||
@@ -9,7 +9,7 @@ | |||
9 | #include "ssh.h" | 9 | #include "ssh.h" |
10 | #include "servconf.h" | 10 | #include "servconf.h" |
11 | 11 | ||
12 | RCSID("$OpenBSD: auth-krb4.c,v 1.15 2000/06/22 23:54:59 djm Exp $"); | 12 | RCSID("$OpenBSD: auth-krb4.c,v 1.16 2000/08/02 17:27:04 provos Exp $"); |
13 | 13 | ||
14 | #ifdef KRB4 | 14 | #ifdef KRB4 |
15 | char *ticket = NULL; | 15 | char *ticket = NULL; |
@@ -82,11 +82,12 @@ auth_krb4_password(struct passwd * pw, const char *password) | |||
82 | if (r == RD_AP_UNDEC) { | 82 | if (r == RD_AP_UNDEC) { |
83 | /* | 83 | /* |
84 | * Probably didn't have a srvtab on | 84 | * Probably didn't have a srvtab on |
85 | * localhost. Allow login. | 85 | * localhost. Disallow login. |
86 | */ | 86 | */ |
87 | log("Kerberos V4 TGT for %s unverifiable, " | 87 | log("Kerberos V4 TGT for %s unverifiable, " |
88 | "no srvtab installed? krb_rd_req: %s", | 88 | "no srvtab installed? krb_rd_req: %s", |
89 | pw->pw_name, krb_err_txt[r]); | 89 | pw->pw_name, krb_err_txt[r]); |
90 | goto kerberos_auth_failure; | ||
90 | } else if (r != KSUCCESS) { | 91 | } else if (r != KSUCCESS) { |
91 | log("Kerberos V4 %s ticket unverifiable: %s", | 92 | log("Kerberos V4 %s ticket unverifiable: %s", |
92 | KRB4_SERVICE_NAME, krb_err_txt[r]); | 93 | KRB4_SERVICE_NAME, krb_err_txt[r]); |
@@ -94,12 +95,13 @@ auth_krb4_password(struct passwd * pw, const char *password) | |||
94 | } | 95 | } |
95 | } else if (r == KDC_PR_UNKNOWN) { | 96 | } else if (r == KDC_PR_UNKNOWN) { |
96 | /* | 97 | /* |
97 | * Allow login if no rcmd service exists, but | 98 | * Disallow login if no rcmd service exists, and |
98 | * log the error. | 99 | * log the error. |
99 | */ | 100 | */ |
100 | log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " | 101 | log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
101 | "not registered, or srvtab is wrong?", pw->pw_name, | 102 | "not registered, or srvtab is wrong?", pw->pw_name, |
102 | krb_err_txt[r], KRB4_SERVICE_NAME, phost); | 103 | krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
104 | goto kerberos_auth_failure; | ||
103 | } else { | 105 | } else { |
104 | /* | 106 | /* |
105 | * TGT is bad, forget it. Possibly spoofed! | 107 | * TGT is bad, forget it. Possibly spoofed! |