Also don't fail on kftgt error code 5 (caused by missing .klogin files).

diff --git a/NEWS b/NEWS
index 89df88e12d981abb4dafed0501f54a711ced906e..e72c06de8df31f4c03ad9084ba4c92a3d2386430 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,9 +3,10 @@
 kftgt 1.13 (unreleased)
 
     If kftgt fails with an exit status indicating no Kerberos v4 ticket
-    cache, klogin and krsh should continue with rlogin and rsh anyway.
-    Now that we're transitioning to a pure Kerberos v5 environment, not
-    everyone has Kerberos v4 tickets.
+    cache or a Kerberos v4 authentication failure on the remote system,
+    klogin and krsh should continue with rlogin and rsh anyway.  Now that
+    we're transitioning to a pure Kerberos v5 environment, not everyone
+    has Kerberos v4 tickets or .klogin files.
 
     Fix the display of exit status in the kftgt man page with current
     versions of pod2man.

diff --git a/klogin b/klogin
index 0122ed1a4a62f952531c283bf5baf2057895186c..19584fd4b31877b30d95b6b0fbe1220b689de620 100755 (executable)
--- a/klogin
+++ b/klogin
@@ -257,7 +257,7 @@ sub forward_ticket {
     print "@command\n" if $CONFIG{verbose};
     my $status = system (@command);
     $status >>= 8;
-    if ($status != 0 && $status != 4) {
+    if ($status != 0 && $status != 4 && $status != 5) {
         die "$0: $command[0] failed with exit status $status\n";
     }
 }
@@ -348,7 +348,8 @@ I<host> using kftgt(1) and then connects to that machine using Kerberos
 rlogin.  If invoked with the B<-T> option or as B<ktelnet>, it uses Kerberos
 telnet instead, and also takes an optional I<port> argument to connect to a
 non-standard port.  If B<kftgt> fails with an error indicating that the user
-has no Kerberos v4 ticket cache, B<klogin> continues anyway.  Otherwise,
+has no Kerberos v4 ticket cache or no F<.klogin> file on the remote system,
+B<klogin> continues anyway (in case Kerberos v5 will work fine).  Otherwise,
 B<klogin> fails if B<kftgt> fails.
 
 By default, B<klogin> always uses encryption (the B<-x> option to rlogin or

diff --git a/krsh b/krsh
index 48100036153ab0a5b6373cc2c5317069bf007633..a5a68291aaf848a6f5df4f3f7aaf780eae62b69b 100755 (executable)
--- a/krsh
+++ b/krsh
@@ -161,7 +161,7 @@ sub forward_ticket {
     print "@command\n" if $CONFIG{verbose};
     my $status = system (@command);
     $status >>= 8;
-    if ($status != 0 && $status != 4) {
+    if ($status != 0 && $status != 4 && $status != 5) {
         die "$0: $command[0] failed with exit status $status\n";
     }
 }
@@ -225,8 +225,9 @@ B<krsh> forwards your Kerberos ticket-granting ticket to the machine I<host>
 using B<kftgt> and then executes I<command> on that system using Kerberos
 rlogin.  It assumes that the remote system has B<aklog>, B<kdestroy>, and
 B<unlog> installed on your default path on the remote system.  If B<kftgt>
-fails with an error indicating that the user has no Kerberos v4 ticket
-cache, B<klogin> continues anyway.  Otherwise, B<klogin> fails if B<kftgt>
+fails with an error indicating that the user has no Kerberos v4 ticket cache
+or no F<.klogin> file on the remote system, B<klogin> continues anyway (in
+case Kerberos v5 will work fine).  Otherwise, B<klogin> fails if B<kftgt>
 fails.
 
 Normally it's not necessary to forward one's ticket to execute commands