(tgs_check_authenticator): RFC1510 doesn't say that the checksum has

to be keyed, even though later drafts do. Accept unkeyed checksums to be compatible with MIT. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4213 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-12-17 01:34:25 +00:00
parent 54a969bca0
commit 33247b6276
1 changed files with 10 additions and 2 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -996,8 +996,16 @@ tgs_check_authenticator(krb5_auth_context ac,
 	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
 	goto out;
    }
-    if (!krb5_checksum_is_keyed(auth->cksum->cksumtype)
-	|| !krb5_checksum_is_collision_proof(auth->cksum->cksumtype)) {
+    /*
+     * according to RFC1510 it doesn't need to be keyed,
+     * but according to the latest draft it needs to.
+     */
+    if (
+#if 0
+!krb5_checksum_is_keyed(auth->cksum->cksumtype)
+	||
+#endif
+ !krb5_checksum_is_collision_proof(auth->cksum->cksumtype)) {
 	kdc_log(0, "Bad checksum type in authenticator: %d", 
 		auth->cksum->cksumtype);
 	ret =  KRB5KRB_AP_ERR_INAPP_CKSUM;