Re: Missing file
Hi Leif and Assar,
I am using Itoi Naomaru's pam_krb5-1.0-1, too.
I just wonder if this file is needed anyway?
Any comments?
Thanks,
Maria
PS We can use Swedish as well if you like.
----------------------------------------------------------
Maria Pazsit System Developer The Chips Project
Chalmers University of Technology www.chips.chalmers.se
----------------------------------------------------------
------------- Begin Forwarded Message -------------
X-Address: Department of Mathematics, Stockholm University S-106 91
Stockholm SWEDEN
X-Phone: int+46 8 162000
X-Fax: int+46 8 6126717
X-Url: http://www.matematik.su.se
To: Assar Westerlund <assar@sics.se>
cc: Maria Pazsit <mary@chips.chalmers.se>, heimdal-discuss@sics.se
Subject: Re: Missing file
Date: Fri, 20 Nov 1998 13:23:54 +0100
From: Leif Johansson <leifj@matematik.su.se>
You are absolutely right Assar, it is _not_ very difficult
to get it to compile (w/o the password changing stuff yet).
The version of pam_krb5 I am using is 1.0-1.
However I have problems getting krb5_verify_user to
work for me -- my idea was to use that instead of the
stuff in _krb5_verify_password but I get strange error
codes:
_krb5_verify_password: Unknown error -1765328343 while verifying user
for the following code (if you skip the pamh stuff you should
be able to reproduce my error message). The situation I am in
is that a user is typing "su". This bit of code is called with
the target user and password:
#include <stdlib.h>
#include <string.h>
#include <krb5.h>
#include <com_err.h>
#include <security/pam_modules.h>

/* _cleanup is the pam_set_data() cleanup callback, defined elsewhere in the module. */

static int _krb5_verify_password(pam_handle_t *pamh,
                                 const char *name, const char *p,
                                 unsigned int ctrl)
{
    int retval;
    krb5_error_code code;
    krb5_context context;
    krb5_principal me;
    krb5_ccache ccache = NULL;
    krb5_creds my_creds, tgt_creds;
    char *padcred;

    if ((retval = krb5_init_context(&context))) {
        com_err("NI", retval, "initializing krb5 context");
        /* a PAM module must not exit() the calling application */
        return PAM_AUTH_ERR;
    }
    krb5_init_ets(context);

    /* get credential cache */
    if ((code = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))) {
        com_err("_krb5_verify_password", code, "while getting ccache");
        return PAM_AUTH_ERR;
    }

    /* parse from name */
    code = krb5_parse_name(context, name, &me);
    if (code) {
        com_err("_krb5_verify_password", code, "when parsing name %s", name);
        return PAM_AUTH_ERR;
    }

    code = krb5_verify_user(context, me, ccache, p, 0, NULL);
    if (code) {
        com_err("_krb5_verify_password", code, "while verifying user");
        return PAM_AUTH_ERR;
    }

    /* setup credentials: clear the template first, then fill it in */
    memset(&my_creds, 0, sizeof(my_creds));
    my_creds.client = me;
    code = krb5_make_principal(context,
                               &my_creds.server,
                               *krb5_princ_realm(context, me),
                               "krbtgt",
                               *krb5_princ_realm(context, me),
                               NULL);
    if (code) {
        com_err("_krb5_verify_password", code, "while building krbtgt principal");
        return PAM_AUTH_ERR;
    }

    /* fetch the TGT that krb5_verify_user stored in the cache */
    code = krb5_cc_retrieve_cred(context,
                                 ccache,
                                 0,
                                 &my_creds,
                                 &tgt_creds);
    if (code) {
        com_err("_krb5_verify_password", code, "while retrieving TGT");
        return PAM_AUTH_ERR;
    }
    krb5_cc_destroy(context, ccache);

    /* hand a copy of the credentials to PAM; sizeof the struct, not one byte */
    padcred = malloc(sizeof(tgt_creds));
    if (padcred == NULL)
        return PAM_BUF_ERR;
    memset(padcred, 0, sizeof(tgt_creds));
    memcpy(padcred, &tgt_creds, sizeof(tgt_creds));
    pam_set_data(pamh, "krbcred", padcred, _cleanup);

    return PAM_SUCCESS;
}
But this is perhaps not the correct approach... comments?
MVH leifj
Leif Johansson Phone: +46 8 164541
Department of Mathematics Fax : +46 8 6126717
Stockholm University email: leifj@matematik.su.se
<This space is left blank for quotational and disclamatory purposes.>
------------- End Forwarded Message -------------
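
The error code quoted in the forwarded message can be split into its com_err table name and its offset within that table. The C sketch below is an added example, not code from the thread or from Heimdal; the function names et_table_name, et_offset and krb5_proto_error are made up here, and the name table holds only a few of the RFC 4120 protocol error numbers.

```c
#include <stdio.h>
#include <string.h>

/* com_err layout: upper 24 bits encode the table name, low 8 bits the offset */
#define ERRCODE_RANGE 8
#define BITS_PER_CHAR 6

static const char char_set[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";

/* Unpack the table name (up to four 6-bit characters) into out[5]. */
void et_table_name(long code, char out[5])
{
    unsigned long num = ((unsigned long)code >> ERRCODE_RANGE) & 0xFFFFFFUL;
    int n = 0;
    for (int i = 3; i >= 0; i--) {
        unsigned ch = (unsigned)(num >> (BITS_PER_CHAR * i)) & 0x3F;
        if (ch != 0)                  /* 0 means "no character here" */
            out[n++] = char_set[ch - 1];
    }
    out[n] = '\0';
}

/* Offset of the code within its error table. */
int et_offset(long code)
{
    return (int)((unsigned long)code & 0xFF);
}

/* A few Kerberos 5 protocol error numbers from RFC 4120 (excerpt only). */
const char *krb5_proto_error(int off)
{
    switch (off) {
    case 31: return "KRB_AP_ERR_BAD_INTEGRITY";
    case 32: return "KRB_AP_ERR_TKT_EXPIRED";
    case 37: return "KRB_AP_ERR_SKEW";
    case 41: return "KRB_AP_ERR_MODIFIED";
    default: return "(not in this excerpt)";
    }
}

int main(void)
{
    long code = -1765328343L;   /* value from the error message in the mail */
    char table[5];
    et_table_name(code, table);
    printf("table=%s offset=%d name=%s\n", table, et_offset(code),
           krb5_proto_error(et_offset(code)));
    return 0;
}
```

For the quoted value this reports table krb5, offset 41, KRB_AP_ERR_MODIFIED.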