K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2001-07-13T18:12:13.000000Z
K 7
svn:log
V 538
Bug  fix: When   the  client  connects   to  a  server   and  Kerberos
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week

END