From c7ee532e46a515bb2c3ed8783c1c98cb13bf2caa Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 25 Mar 2006 10:34:51 +0000
Subject: r14711: let windows clients retry after getting ERR_SKEW

metze
(This used to be commit 02703f4e8f430233ec4365ea5cee641a9201802f)
---
 source4/heimdal/kdc/kerberos5.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'source4/heimdal/kdc/kerberos5.c')

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 392bc0acbe..3f9dcd12f8 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1045,9 +1045,16 @@ _kdc_as_rep(krb5_context context,
 	    free_PA_ENC_TS_ENC(&p);
 	    if (abs(kdc_time - p.patimestamp) > context->max_skew) {
 		ret = KRB5KRB_AP_ERR_SKEW;
-		e_text = "Too large time skew";
 		kdc_log(context, config, 0,
 			"Too large time skew -- %s", client_name);
+		/* 
+		 * the following is needed to make windows clients
+		 * to retry using the timestamp in the error message
+		 *
+		 * this is maybe a bug in windows to not trying when e_text
+		 * is present...
+		 */
+		e_text = NULL;
 		goto out;
 	    }
 	    et.flags.pre_authent = 1;
-- 
cgit