Changes from Dave Mills

bk: 4250c0f2sqaOLzvuukNBbWyxTnwMPQ

diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index d83993d216cf0694e59c0ab540bd69aeb18d0a40..7f31d63321e3f48a91462f0203255f2882a3b702 100644 (file)
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -790,12 +790,12 @@ receive(
                 * If the inbound packet is correctly authenticated and
                 * enabled, a symmetric passive association is
                 * mobilized. If not but correctly authenticated, a
-                * symmetric active response is sent. A crypto-NAK is
-                * returned if authentication fails. 
+                * symmetric active response is sent. If authentication
+                * fails, send a crypto-NAK packet. 
                 */
                if (!AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
                    {
-                       if (skeyid)
+                       if (is_authentic == AUTH_ERROR)
                                fast_xmit(rbufp, MODE_ACTIVE, 0,
                                    restrict_mask);
                        return;                 /* bad auth */