http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch committed...

[gssapi-openssh.git] / openssh / auth2.c

diff --git a/openssh/auth2.c b/openssh/auth2.c
index b1a4e3635aa76d45282b772bf6cb7543016c47d1..3009e291e9e877681be8ca520bdc76c8e4800932 100644 (file)
--- a/openssh/auth2.c
+++ b/openssh/auth2.c
@@ -64,6 +64,7 @@ extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
 extern Authmethod method_hostbased;
 #ifdef GSSAPI
+extern Authmethod method_gsskeyex;
 extern Authmethod method_gssapi;
 #endif
 
@@ -71,6 +72,7 @@ Authmethod *authmethods[] = {
        &method_none,
        &method_pubkey,
 #ifdef GSSAPI
+       &method_gsskeyex,
        &method_gssapi,
 #endif
        &method_passwd,
@@ -195,6 +197,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 #endif
 
        authctxt->postponed = 0;
+       authctxt->server_caused_failure = 0;
 
        /* try to authenticate user */
        m = authmethod_lookup(method);
@@ -265,7 +268,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                /* now we can break out */
                authctxt->success = 1;
        } else {
-               if (authctxt->failures++ > options.max_authtries) {
+               /* Dont count server configuration issues against the client */
+               if (!authctxt->server_caused_failure && 
+                   authctxt->failures++ > options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
                        PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif