If we cannot get a valid service key using the default keytab it

is a fatal error.  Fixes a bug where sudo could be tricked into
allowing access when it should not by a fake KDC.
From Thor Lancelot Simon.

diff --git a/auth/kerb5.c b/auth/kerb5.c
index cd1078b1276249b36d23e5005d15520a2be2df01..b0a0ebde97bfe3e764cea8316b9e94ec953a62a2 100644 (file)
--- a/auth/kerb5.c
+++ b/auth/kerb5.c
@@ -274,7 +274,6 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name)
        log_error(NO_EXIT,
                  "%s: host service key not found: %s", auth_name,
                  error_message(error));
-       error = 0;
        goto cleanup;
     }
     if (keyblock)