GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
}
ctx->gssFlags = gssFlags;
- } else if ((*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
+ } else if (GSS_ERROR(major) &&
+ (*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* pretend reauthentication attempt never happened */
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);