Blame SOURCES/openssh-8.7p1-gssapi-auth.patch
|
|
39b801 |
diff --color -rup a/monitor.c b/monitor.c
|
|
|
39b801 |
--- a/monitor.c 2022-07-11 15:11:28.146863144 +0200
|
|
|
39b801 |
+++ b/monitor.c 2022-07-11 15:15:35.726655877 +0200
|
|
|
39b801 |
@@ -376,8 +376,15 @@ monitor_child_preauth(struct ssh *ssh, s
|
|
|
39b801 |
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
|
|
|
39b801 |
auth_log(ssh, authenticated, partial,
|
|
|
39b801 |
auth_method, auth_submethod);
|
|
|
39b801 |
- if (!partial && !authenticated)
|
|
|
39b801 |
+ if (!partial && !authenticated) {
|
|
|
39b801 |
+#ifdef GSSAPI
|
|
|
39b801 |
+ /* If gssapi-with-mic failed, MONITOR_REQ_GSSCHECKMIC is disabled.
|
|
|
39b801 |
+ * We have to reenable it to try again for gssapi-keyex */
|
|
|
39b801 |
+ if (strcmp(auth_method, "gssapi-with-mic") == 0 && options.gss_keyex)
|
|
|
39b801 |
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
|
|
|
39b801 |
+#endif
|
|
|
39b801 |
authctxt->failures++;
|
|
|
39b801 |
+ }
|
|
|
39b801 |
if (authenticated || partial) {
|
|
|
39b801 |
auth2_update_session_info(authctxt,
|
|
|
39b801 |
auth_method, auth_submethod);
|