r14711: let windows clients retry after getting ERR_SKEW

author Stefan Metzmacher <metze@samba.org>

Sat, 25 Mar 2006 10:34:51 +0000 (10:34 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:59:11 +0000 (13:59 -0500)
author Stefan Metzmacher <metze@samba.org>
Sat, 25 Mar 2006 10:34:51 +0000 (10:34 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:59:11 +0000 (13:59 -0500)
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c

index 392bc0acbeab19c084d923732a55db0be3f14975..3f9dcd12f800e003fed0d93ab6ad34e0ee87eaf5 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1045,9 +1045,16 @@ _kdc_as_rep(krb5_context context,
             free_PA_ENC_TS_ENC(&p);
             if (abs(kdc_time - p.patimestamp) > context->max_skew) {
                 ret = KRB5KRB_AP_ERR_SKEW;
-               e_text = "Too large time skew";
                 kdc_log(context, config, 0,
                         "Too large time skew -- %s", client_name);
+               /* 
+                * the following is needed to make windows clients
+                * to retry using the timestamp in the error message
+                *
+                * this is maybe a bug in windows to not trying when e_text
+                * is present...
+                */
+               e_text = NULL;
                 goto out;
             }
             et.flags.pre_authent = 1;
author	Stefan Metzmacher <metze@samba.org>
	Sat, 25 Mar 2006 10:34:51 +0000 (10:34 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:59:11 +0000 (13:59 -0500)