aboutsummaryrefslogtreecommitdiff
path: root/contrib/pam-krb5/module/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/pam-krb5/module/auth.c')
-rw-r--r--contrib/pam-krb5/module/auth.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/contrib/pam-krb5/module/auth.c b/contrib/pam-krb5/module/auth.c
index 065ce97b6596..46f2be791000 100644
--- a/contrib/pam-krb5/module/auth.c
+++ b/contrib/pam-krb5/module/auth.c
@@ -696,6 +696,12 @@ verify_creds(struct pam_args *args, krb5_creds *creds)
if (cursor_valid)
krb5_kt_end_seq_get(c, keytab, &cursor);
}
+#ifdef __FreeBSD__
+ if (args->config->allow_kdc_spoof)
+ opts.flags &= ~KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+ else
+ opts.flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+#endif /* __FreeBSD__ */
retval = krb5_verify_init_creds(c, creds, princ, keytab, NULL, &opts);
if (retval != 0)
putil_err_krb5(args, retval, "credential verification failed");
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-24 12:10:59 +0000