- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
diff --git a/ChangeLog b/ChangeLog
index a4af4e8..26b5c5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20131024
+ - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
+ rather than full client name which may be of form user@REALM;
+ patch from Miguel Sanders; ok dtucker@
+
20131023
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/10/20 04:39:28
diff --git a/auth-krb5.c b/auth-krb5.c
index 7c83f59..6c62bdf 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -157,7 +157,8 @@
if (problem)
goto out;
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
+ authctxt->pw->pw_name)) {
problem = -1;
goto out;
}