diff --git a/ChangeLog b/ChangeLog index a4af4e897..26b5c5d7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20131024 + - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check + rather than full client name which may be of form user@REALM; + patch from Miguel Sanders; ok dtucker@ + 20131023 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/10/20 04:39:28 diff --git a/auth-krb5.c b/auth-krb5.c index 7c83f597f..6c62bdf54 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -157,7 +157,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) { problem = -1; goto out; }