62 lines
2.2 KiB
C
62 lines
2.2 KiB
C
/* Taken from logdaemon-5.0, only minimal changes. --marekm */
|
|
|
|
/************************************************************************
|
|
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
|
|
* may be covered by other copyrights (as noted in the file itself.)
|
|
*
|
|
* This material was originally written and compiled by Wietse Venema at
|
|
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
|
|
* 1992, 1993, 1994 and 1995.
|
|
*
|
|
* Redistribution and use in source and binary forms are permitted
|
|
* provided that this entire copyright notice is duplicated in all such
|
|
* copies.
|
|
*
|
|
* This software is provided "as is" and without any expressed or implied
|
|
* warranties, including, without limitation, the implied warranties of
|
|
* merchantibility and fitness for any particular purpose.
|
|
************************************************************************/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#ifdef KERBEROS
|
|
#include "rcsid.h"
|
|
RCSID("$Id: login_krb.c,v 1.3 1998/01/29 23:22:34 marekm Exp $")
|
|
|
|
#include <krb.h>
|
|
|
|
/*
|
|
* Do an equivalent to kinit here. We need to do the kinit before trying to
|
|
* cd to the home directory, because it might be on a remote filesystem that
|
|
* uses Kerberos authentication. We also need to do this after we've
|
|
* setuid() to the user, or krb_get_pw_in_tkt() won't know where to put the
|
|
* ticket.
|
|
*
|
|
* We don't really care about whether or not it succeeds; if it fails, we'll
|
|
* just carry on bravely.
|
|
*
|
|
* NB: we assume: local realm, same username and password as supplied to login.
|
|
*
|
|
* Security note: if pp is NULL, login doesn't have the password. This is
|
|
* common when it's called by rlogind. Since this is almost always a remote
|
|
* connection, we don't want to risk asking for the password by supplying a
|
|
* NULL pp to krb_get_pw_in_tkt(), because somebody could be listening. So
|
|
* we'll just forget the whole thing. -jdd
|
|
*/
|
|
|
|
int
|
|
login_kerberos(const char *username, const char *password)
|
|
{
|
|
char realm[REALM_SZ];
|
|
|
|
(void) krb_get_lrealm(realm, 1);
|
|
if (password != 0)
|
|
(void) krb_get_pw_in_tkt(username, "", realm, "krbtgt",
|
|
realm, DEFAULT_TKT_LIFE, password);
|
|
}
|
|
#else
|
|
extern int errno; /* warning: ANSI C forbids an empty source file */
|
|
#endif /* KERBEROS */
|