diff options
author | Damien Miller <djm@mindrot.org> | 2013-10-24 10:53:02 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-10-24 10:53:02 +1100 |
commit | 8f1873191478847773906af961c8984d02a49dd6 (patch) | |
tree | 74370f87a558e881112d853f27421fe98a5a3cba | |
parent | 5b01b0dcb417eb615df77e7ce1b59319bf04342c (diff) | |
download | openssh-git-8f1873191478847773906af961c8984d02a49dd6.tar.gz |
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth-krb5.c | 3 |
2 files changed, 7 insertions, 1 deletions
@@ -1,3 +1,8 @@ +20131024 + - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check + rather than full client name which may be of form user@REALM; + patch from Miguel Sanders; ok dtucker@ + 20131023 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/10/20 04:39:28 diff --git a/auth-krb5.c b/auth-krb5.c index 7c83f597..6c62bdf5 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -157,7 +157,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) { problem = -1; goto out; } |