summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-29 13:13:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:30 -0500
commit12d4dd28a5de1bafbd982ce0043d73dd5a49c3bf (patch)
treece9fe123acc9a5412a576f135e162bb999cc6f39
parent5e456b38ed0656d6364f06f31e06ebfb3ab34901 (diff)
downloadsamba-12d4dd28a5de1bafbd982ce0043d73dd5a49c3bf.tar.gz
samba-12d4dd28a5de1bafbd982ce0043d73dd5a49c3bf.tar.bz2
samba-12d4dd28a5de1bafbd982ce0043d73dd5a49c3bf.zip
r11394: Allow KDC unreachable as another 'forget about gssapi' error on SPNEGO.
Andrew Bartlett (This used to be commit da24074860cb7029ef0ff45105170642174f45c1)
-rw-r--r--source4/auth/gensec/gensec_gssapi.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 8c0eb23546..d59d19c636 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -430,6 +430,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
&& (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
gensec_gssapi_state->gss_oid->length) == 0)) {
switch (min_stat) {
+ case KRB5_KDC_UNREACH:
+ DEBUG(3, ("Cannot reach a KDC we require: %s\n",
+ gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat)));
+ return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
DEBUG(3, ("Server is not registered with our KDC: %s\n",
gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat)));