--- loncom/lond	2021/12/21 16:22:14	1.489.2.43
+++ loncom/lond	2022/02/25 09:46:25	1.489.2.44
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.489.2.43 2021/12/21 16:22:14 raeburn Exp $
+# $Id: lond,v 1.489.2.44 2022/02/25 09:46:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -63,7 +63,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.489.2.43 $'; #' stupid emacs
+my $VERSION='$Revision: 1.489.2.44 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -7603,8 +7603,15 @@ sub validate_user {
             } elsif ((($domdefaults{'auth_def'} eq 'krb4') || 
                       ($domdefaults{'auth_def'} eq 'krb5')) &&
                      ($domdefaults{'auth_arg_def'} ne '')) {
-                $howpwd = $domdefaults{'auth_def'};
-                $contentpwd = $domdefaults{'auth_arg_def'}; 
+                #
+                # Don't attempt authentication for username and password supplied
+                # for user without an account if uername contains @ to avoid
+                # call to &Authen::Krb5::parse_name() which will result in con_lost
+                #
+                unless ($user =~ /\@/) {
+                    $howpwd = $domdefaults{'auth_def'};
+                    $contentpwd = $domdefaults{'auth_arg_def'};
+                }
             }
         }
     }