From af2ddab839944028ef51d9ef393496063f454bea Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 21 Sep 2011 18:40:16 +0000
Subject: If the client offers the alg agility KDF, use it

Signed-off-by: Margaret Wasserman <mrw@painless-security.com>

pkinit:  changes to call alg-agility KDF

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25218 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/kdc_preauth.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/kdc/kdc_preauth.c')

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 72c1752..69b1e2c 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1104,6 +1104,8 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
         /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
         /* case KRB5KDC_ERR_KEY_TOO_WEAK: */
     case KRB5KDC_ERR_DISCARD:
+        /* pkinit alg-agility */
+    case KRB5KDC_ERR_NO_ACCEPTABLE_KDF:
         return retval;
     default:
         return KRB5KDC_ERR_PREAUTH_FAILED;
-- 
cgit v1.1