make kerberos work again:
1. make notickets external 2. don't use the tty as part of the credential cache, since pts/1 will not work. 3. Attempt to use the newer functions, but punt for now since it does not work yet.
parent
0c647c7841
commit
08935f4cd9
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $ */
|
||||
/* $NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1990 The Regents of the University of California.
|
||||
|
@ -51,7 +51,7 @@
|
|||
#if 0
|
||||
static char sccsid[] = "@(#)klogin.c 5.11 (Berkeley) 7/12/92";
|
||||
#endif
|
||||
__RCSID("$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $");
|
||||
__RCSID("$NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $");
|
||||
#endif /* not lint */
|
||||
|
||||
#ifdef KERBEROS5
|
||||
|
@ -71,7 +71,7 @@ __RCSID("$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $");
|
|||
|
||||
krb5_context kcontext;
|
||||
|
||||
int notickets;
|
||||
extern int notickets;
|
||||
int krb5_configured;
|
||||
char *krb5tkfile_env;
|
||||
extern char *tty;
|
||||
|
@ -335,14 +335,11 @@ k5login(struct passwd *pw, char *instance, char *localhost, char *password)
|
|||
krb5_timestamp now;
|
||||
krb5_ccache ccache = NULL;
|
||||
long lifetime = KRB5_DEFAULT_LIFE;
|
||||
int options = KRB5_DEFAULT_OPTIONS;
|
||||
char *realm, *client_name;
|
||||
char *principal;
|
||||
|
||||
krb5_configured = 1;
|
||||
|
||||
if (login_krb5_forwardable_tgt)
|
||||
options |= KDC_OPT_FORWARDABLE;
|
||||
|
||||
/*
|
||||
* Root logins don't use Kerberos.
|
||||
|
@ -366,10 +363,10 @@ k5login(struct passwd *pw, char *instance, char *localhost, char *password)
|
|||
|
||||
if (strcmp(instance, "root") != 0)
|
||||
(void)snprintf(tkt_location, sizeof tkt_location,
|
||||
"FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
|
||||
"FILE:/tmp/krb5cc_%d", pw->pw_uid);
|
||||
else
|
||||
(void)snprintf(tkt_location, sizeof tkt_location,
|
||||
"FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
|
||||
"FILE:/tmp/krb5cc_root_%d", pw->pw_uid);
|
||||
krb5tkfile_env = tkt_location;
|
||||
has_ccache = 1;
|
||||
|
||||
|
@ -433,8 +430,30 @@ k5login(struct passwd *pw, char *instance, char *localhost, char *password)
|
|||
my_creds.times.endtime = now + lifetime;
|
||||
my_creds.times.renew_till = 0;
|
||||
|
||||
#if 1
|
||||
int options = KRB5_DEFAULT_OPTIONS;
|
||||
|
||||
if (login_krb5_forwardable_tgt)
|
||||
options |= KDC_OPT_FORWARDABLE;
|
||||
|
||||
kerror = krb5_get_in_tkt_with_password(kcontext, options,
|
||||
NULL, NULL, NULL, password, ccache, &my_creds, 0);
|
||||
#else
|
||||
/* This does not work yet */
|
||||
krb5_get_init_creds_opt *opt;
|
||||
|
||||
if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, &opt)) != 0) {
|
||||
k5_log(kcontext, kerror, "while getting options");
|
||||
return (1);
|
||||
}
|
||||
if (login_krb5_forwardable_tgt)
|
||||
krb5_get_init_creds_opt_set_forwardable(opt, 1);
|
||||
|
||||
kerror = krb5_get_init_creds_password(kcontext, &my_creds, me, password,
|
||||
NULL, NULL, 0, NULL, opt);
|
||||
|
||||
krb5_get_init_creds_opt_free(kcontext, opt);
|
||||
#endif
|
||||
|
||||
if (my_creds.server != NULL)
|
||||
krb5_free_principal(kcontext, my_creds.server);
|
||||
|
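Review bot: In the `@ -366,10 +363,10 @` hunk the cache name becomes `FILE:/tmp/krb5cc_%d`, which is identical for every session of a uid and known in advance to other local users, and nothing on the visible lines explains or guards that. The code now relies on the Kerberos library to refuse a pre-existing file or symlink under /tmp that the user does not own, and on no session destroying the cache while another still uses it; neither is visible here, so both should be confirmed. I would record the decision next to the snprintf, e.g. `/* one cache per uid, shared by all sessions; tty dropped because pts/N contains '/' */` (the slash is presumably the reason the commit message gives for pts/1 not working). `pw->pw_uid` is a `uid_t` passed to `%d`; an explicit `(int)pw->pw_uid` keeps the name unchanged and matches the format. k5login() starts and ends outside these hunks.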
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $ */
|
||||
/* $NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
|
||||
|
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994\
|
|||
#if 0
|
||||
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
__RCSID("$NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $");
|
||||
__RCSID("$NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $");
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
|
@ -118,7 +118,7 @@ static void usage(void);
|
|||
|
||||
#if defined(KERBEROS5)
|
||||
int has_ccache = 0;
|
||||
static int notickets = 1;
|
||||
int notickets = 1;
|
||||
extern krb5_context kcontext;
|
||||
extern int have_forward;
|
||||
extern char *krb5tkfile_env;
|
||||
|
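Review bot: `notickets` is now shared between login.c and k5login.c through a hand-written `extern int notickets;` in k5login.c, the same way `kcontext` and `krb5tkfile_env` are declared here, so the compiler never sees the definition and the declaration together. Moving these declarations into a header included by both files would let a type mismatch be caught at build time. Since the flag presumably controls whether tickets are cleaned up for the session, a one-line comment on the definition would help, e.g. `/* 1 until k5login() has obtained tickets */`, to be confirmed against the code that sets it.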
|