From 6e8a5958283c60bfa37b3b8b45b112c5acf3b847 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 22 Mar 2009 17:21:29 +0000
Subject: [PATCH] Try adapt to timeskrew when we are using pre-auth, and if
 there was a time skew, try again.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24908 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/init_creds_pw.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 859281e52..5dd7a6409 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1593,6 +1593,18 @@ krb5_init_creds_step(krb5_context context,
 					   N_("Preauth required but no preauth "
 					      "options send by KDC", ""));
 		}
+	    } else if (ret == KRB5KRB_AP_ERR_SKEW && context->kdc_sec_offset == 0) {
+		/* 
+		 * Try adapt to timeskrew when we are using pre-auth, and
+		 * if there was a time skew, try again.
+		 */
+		time_t sec_now;
+
+		krb5_timeofday (context, &sec_now);
+		context->kdc_sec_offset = ctx->error.stime - sec_now;
+
+		if (context->kdc_sec_offset)
+		    ret = 0; 
 	    } else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) {
 	        /* client referal to a new realm */
 		if (ctx->error.crealm) {