--- loncom/lond	2008/05/30 21:34:27	1.394.2.1
+++ loncom/lond	2008/02/21 16:04:19	1.395
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.394.2.1 2008/05/30 21:34:27 raeburn Exp $
+# $Id: lond,v 1.395 2008/02/21 16:04:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -59,7 +59,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.394.2.1 $'; #' stupid emacs
+my $VERSION='$Revision: 1.395 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1514,13 +1514,16 @@ sub authenticate_handler {
     #  udom    - User's domain.
     #  uname   - Username.
     #  upass   - User's password.
+    #  defauthtype - Default authentication types for the domain
+    #  defautharg - Default authentication arg for the domain
     
-    my ($udom,$uname,$upass)=split(/:/,$tail);
+    my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail);
     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
     chomp($upass);
     $upass=&unescape($upass);
 
-    my $pwdcorrect = &validate_user($udom, $uname, $upass);
+    my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype,
+                                    $defautharg);
     if($pwdcorrect) {
 	&Reply( $client, "authorized\n", $userinput);
 	#
@@ -3518,9 +3521,7 @@ sub dump_course_id_handler {
                 $is_hash =  0;
                 my @courseitems = split(/:/,$value);
                 $lasttime = pop(@courseitems);
-                if ($hashref->{$lasttime_key} eq '') {
-                    next if ($lasttime<$since);
-                }
+                next if ($lasttime<$since);
 	        ($val{'descr'},$val{'inst_code'},$val{'owner'},$val{'type'}) = @courseitems;
             }
             my $match = 1;
@@ -5972,8 +5973,7 @@ sub get_auth_type
 #     0        - The domain,user,password triplet is not a valid user.
 #
 sub validate_user {
-    my ($domain, $user, $password) = @_;
-
+    my ($domain, $user, $password, $defauthtype, $defautharg) = @_;
 
     # Why negative ~pi you may well ask?  Well this function is about
     # authentication, and therefore very important to get right.
@@ -5996,8 +5996,17 @@ sub validate_user {
 
     my $null = pack("C",0);	# Used by kerberos auth types.
 
+    if ($howpwd eq 'nouser') {
+        if ($defauthtype eq 'localauth') {
+            $howpwd = $defauthtype;
+            $contentpwd = $defautharg;
+        } elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) &&
+             ($defautharg ne '')) {
+            $howpwd = $defauthtype;
+            $contentpwd = $defautharg; 
+        }
+    } 
     if ($howpwd ne 'nouser') {
-
 	if($howpwd eq "internal") { # Encrypted is in local password file.
 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
 	}