aboutsummaryrefslogtreecommitdiff
path: root/src/kdc/fast_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/kdc/fast_util.c')
-rw-r--r--src/kdc/fast_util.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index 17b8447..310faf0 100644
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -148,6 +148,11 @@ kdc_find_fast(krb5_kdc_req **requestptr,
if (retval == 0 &&fast_armored_req->armor) {
switch (fast_armored_req->armor->armor_type) {
case KRB5_FAST_ARMOR_AP_REQUEST:
+ if (tgs_subkey) {
+ krb5_set_error_message( kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+ "Ap-request armor not permitted with TGS");
+ return KRB5KDC_ERR_PREAUTH_FAILED;
+ }
retval = armor_ap_request(state, fast_armored_req->armor);
break;
default:
generated by cgit v1.1 at 2024-09-07 18:46:39 +0000