--- loncom/lond 2022/02/01 23:13:21 1.572
+++ loncom/lond 2022/02/25 09:38:47 1.574
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.572 2022/02/01 23:13:21 raeburn Exp $
+# $Id: lond,v 1.574 2022/02/25 09:38:47 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -65,7 +65,7 @@ my $DEBUG = 0; # Non zero to ena
 my $status='';
 my $lastlog='';
-my $VERSION='$Revision: 1.572 $'; #' stupid emacs
+my $VERSION='$Revision: 1.574 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -5142,7 +5142,7 @@ sub get_domain_handler {
 my $userinput = "$cmd:$tail";
 my ($udom,$namespace,$what)=split(/:/,$tail,3);
- if ($namespace =~ /^enc/) {
+ if (($namespace =~ /^enc/) || ($namespace eq 'private')) {
 &Failure( $client, "refused\n", $userinput);
 } else {
 my $res = LONCAPA::Lond::get_dom($userinput);
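Review bot: The new `$namespace eq 'private'` test in get_domain_handler is an exact match on the raw field from `split(/:/,$tail,3)`, while `LONCAPA::Lond::get_dom($userinput)` parses the request again on its own, so the refusal only holds if both agree on what the namespace is. The same deny check is repeated in encrypted_get_domain_handler (the @@ -5181 hunk); unless get_dom has other callers that legitimately need `private`, putting the refusal in get_dom or in one shared helper would keep the two handlers from drifting apart. An undefined or empty `$namespace` (a `$tail` with no second field) still falls through to get_dom; rejecting it first, e.g. `if (!defined($namespace) || $namespace !~ /^\w+$/) { &Failure($client, "refused\n", $userinput); }`, would make the accepted shape explicit, assuming namespaces are always plain words. The body of get_domain_handler starts and ends outside this hunk.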
@@ -5181,23 +5181,28 @@ sub encrypted_get_domain_handler {
 my $userinput = "$cmd:$tail";
- my $res = LONCAPA::Lond::get_dom($userinput);
- if ($res =~ /^error:/) {
- &Failure($client, \$res, $userinput);
+ my ($udom,$namespace,$what) = split(/:/,$tail,3);
+ if ($namespace eq 'private') {
+ &Failure( $client, "refused\n", $userinput);
 } else {
- if ($cipher) {
- my $cmdlength=length($res);
- $res.=" ";
- my $encres='';
- for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
- $encres.= unpack("H16",
- $cipher->encrypt(substr($res,
- $encidx,
- 8)));
- }
- &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+ my $res = LONCAPA::Lond::get_dom($userinput);
+ if ($res =~ /^error:/) {
+ &Failure($client, \$res, $userinput);
 } else {
- &Failure( $client, "error:no_key\n",$userinput);
+ if ($cipher) {
+ my $cmdlength=length($res);
+ $res.=" ";
+ my $encres='';
+ for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+ $encres.= unpack("H16",
+ $cipher->encrypt(substr($res,
+ $encidx,
+ 8)));
+ }
+ &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+ } else {
+ &Failure( $client, "error:no_key\n",$userinput);
+ }
 }
 }
 return 1;
@@ -8382,8 +8387,15 @@ sub validate_user {
 } elsif ((($domdefaults{'auth_def'} eq 'krb4') || ($domdefaults{'auth_def'} eq 'krb5')) && ($domdefaults{'auth_arg_def'} ne '')) {
- $howpwd = $domdefaults{'auth_def'};
- $contentpwd = $domdefaults{'auth_arg_def'};
+ #
+ # Don't attempt authentication for username and password supplied
+ # for user without an account if uername contains @ to avoid
+ # call to &Authen::Krb5::parse_name() which will result in con_lost
+ #
+ unless ($user =~ /\@/) {
+ $howpwd = $domdefaults{'auth_def'};
+ $contentpwd = $domdefaults{'auth_arg_def'};
+ }
 }
 }
 }
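Review bot: The encryption loop kept under the new `else` in encrypted_get_domain_handler still passes each 8-byte `substr` of `$res` to `$cipher->encrypt` on its own and hex-encodes the result, with no chaining value or integrity tag visible. If `$cipher` is a bare block cipher (its setup is outside this hunk), equal plaintext blocks give equal ciphertext blocks, and a reply altered in transit would not be detected by the receiver. This handler appears to be the path for the `enc*` namespaces that get_domain_handler refuses, so a comment above the loop such as `# block-at-a-time encryption, no chaining or MAC: protection of this reply rests on $cipher alone` would record that limit for whoever next touches the wire format. `$udom` and `$what` from the new `split` are not used in the lines shown.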
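Review bot: `unless ($user =~ /\@/)` guards only this domain-default branch of validate_user, so the failure the new comment describes (a call to `&Authen::Krb5::parse_name()` ending in con_lost) is avoided for users without an account, but presumably not where an existing account's own krb4/krb5 setting reaches the same call; that code is outside the hunk. A remotely supplied username that can drop the connection is better handled at the call itself, for example by validating `$user` before it is handed to Kerberos, or by wrapping the call in `eval { ... }` and treating a failure as a rejected login if the error surfaces as a Perl exception. When the branch is skipped, `$howpwd` and `$contentpwd` keep whatever they held before, so the comment should also say what validate_user returns in that case. The comment has a typo as well, `uername` for `username`.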