X-Git-Url: http://www.project-moonshot.org/gitweb/?p=openssh.git;a=blobdiff_plain;f=gss-serv.c;h=459cecc35881ca1cbb78fa36ce884180cf9a7145;hp=2a6bfbfb7bf0de491e0b584e4bdd49616ac712c6;hb=HEAD;hpb=afca9d259be1d594e282f9a80714e4be12fea16e

diff --git a/gss-serv.c b/gss-serv.c
index 2a6bfbf..459cecc 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -175,10 +175,13 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
 	 * we flag the user as also having been authenticated
 	 */
 
-	if (((flags == NULL) || ((*flags & GSS_C_MUTUAL_FLAG) &&
-	    (*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) {
-		if (ssh_gssapi_getclient(ctx, &gssapi_client))
+	if (ctx->major == GSS_S_COMPLETE) {
+		if (options.gss_require_mic &&
+		    ((flags == NULL) || !(*flags & GSS_C_INTEG_FLAG))) {
+			debug("GSSAPIRequireMIC true and integrity protection not supported so gssapi-with-mic fails.");
+		} else if (ssh_gssapi_getclient(ctx, &gssapi_client)) {
 			fatal("Couldn't convert client name");
+		}
 	}
 
 	return (status);