Re: Missing file




You are absolutely right Assar, it is _not_ very difficult
to get it to compile (w/o the password changing stuff yet).
The version of pam_krb5 I am using is 1.0-1.

However I have problems getting krb5_verify_user to
work for me -- my idea was to use that instead of the 
stuff in _krb5_verify_password but I get strange error 
codes:

_krb5_verify_password: Unknown error -1765328343 while verifying user

for the following code (if you skip the pamh stuff you should
be able to reproduce my error message). The situation I am in
is that a user is typing "su". This bit of code is called with
the target user and password:

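#include <stdlib.h>
#include <string.h>
#include <krb5.h>
#include <com_err.h>
#include <security/pam_modules.h>

/* _cleanup is the pam_set_data() cleanup callback, defined elsewhere
   in the module */

static int _krb5_verify_password(pam_handle_t *pamh
				 , const char *name, const char *p
				 , unsigned int ctrl)
{
     int retval;
     krb5_error_code code;
     krb5_context context;
     krb5_principal me;
     krb5_ccache ccache = NULL;
     krb5_creds my_creds,tgt_creds;
     char *padcred;
     
     /* return an error instead of calling exit(): this code runs inside
	the calling application (su) */
     if ((retval = krb5_init_context(&context))) {
       com_err("NI", retval, "initializing krb5 context");
       return PAM_AUTH_ERR;
     }
     krb5_init_ets(context);

     /* get credential cache */
     if ((code = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))) {
       com_err("_krb5_verify_password", code, "while getting ccache");
       return PAM_AUTH_ERR;
     }

     /* parse from name */
     code = krb5_parse_name (context, name, &me);
     if (code) {
       com_err ("_krb5_verify_password", code, "when parsing name %s",name);
       return PAM_AUTH_ERR;
     }

     /* check the password; this is the step that reports the error */
     code = krb5_verify_user(context, me, ccache, p, 0, NULL);
     if (code){
       com_err("_krb5_verify_password", code, "while verifying user");
       return PAM_AUTH_ERR;
     }

     /* setup credentials: zero the template first, then fill it in,
	so that the client principal is not wiped by the memset */
     memset((char *)&my_creds, 0, sizeof(my_creds));
     my_creds.client = me;
     
     code = krb5_make_principal(context, 
				&my_creds.server,
				*krb5_princ_realm(context,me),
				"krbtgt",
				*krb5_princ_realm(context,me),
				NULL);
     if (code) {
       com_err("_krb5_verify_password", code, "while building krbtgt name");
       krb5_cc_destroy(context, ccache);
       return PAM_AUTH_ERR;
     }
     
     /* look up the krbtgt credential in the ccache */
     code = krb5_cc_retrieve_cred(context,
				  ccache,
				  0,
				  &my_creds,
				  &tgt_creds);

     krb5_cc_destroy(context, ccache);
     if (code) {
       com_err("_krb5_verify_password", code, "while retrieving tgt");
       return PAM_AUTH_ERR;
     }

     /* keep a copy of the credential as PAM data */
     padcred = (char *)malloc(sizeof(tgt_creds));
     if (padcred == NULL)
       return PAM_BUF_ERR;
     memcpy(padcred, &tgt_creds, sizeof(tgt_creds));
     pam_set_data(pamh,"krbcred", padcred, _cleanup);
     return PAM_SUCCESS;
}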

But this is perhaps not the correct approach... comments?

	MVH leifj

Leif Johansson				Phone: +46 8 164541		
Department of Mathematics		Fax  : +46 8 6126717		
Stockholm University 			email: leifj@matematik.su.se 	

    <This space is left blank for quotational and disclamatory purposes.>
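
Added example, not part of the original message or of pam_krb5: the number in "Unknown error -1765328343" can be decoded by hand, because a com_err code packs the error-table name into its upper bits and the index within that table into the low 8 bits. The helper names below are made up for this example, and the short name list assumes the krb5 table's offsets follow the protocol error numbers of RFC 4120.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define ERRCODE_RANGE 8   /* low 8 bits: index within the error table */
#define BITS_PER_CHAR 6   /* table name: up to four 6-bit characters  */

static const char char_set[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";

/* Recover the error-table name from a code; out must hold 6 bytes. */
static const char *et_table_name(long code, char *out)
{
    uint32_t num = ((uint32_t)code >> ERRCODE_RANGE) & 077777777u;
    char *p = out;
    for (int i = 4; i >= 0; i--) {
        unsigned ch = (num >> (BITS_PER_CHAR * i)) & ((1u << BITS_PER_CHAR) - 1);
        if (ch != 0)              /* 0 means "no character in this slot" */
            *p++ = char_set[ch - 1];
    }
    *p = '\0';
    return out;
}

/* Index of the error within its table. */
static unsigned et_offset(long code) { return (uint32_t)code & 0xffu; }

/* A few protocol error names from RFC 4120 (assumed to match the table). */
static const char *krb5_offset_name(unsigned off)
{
    switch (off) {
    case 6:  return "KDC_ERR_C_PRINCIPAL_UNKNOWN";
    case 7:  return "KDC_ERR_S_PRINCIPAL_UNKNOWN";
    case 24: return "KDC_ERR_PREAUTH_FAILED";
    case 31: return "KRB_AP_ERR_BAD_INTEGRITY";
    case 37: return "KRB_AP_ERR_SKEW";
    case 41: return "KRB_AP_ERR_MODIFIED";
    default: return "(not in this short list)";
    }
}

int main(void)
{
    long code = -1765328343L;   /* the value from the error message */
    char name[6];
    printf("table=%s offset=%u name=%s\n", et_table_name(code, name),
           et_offset(code), krb5_offset_name(et_offset(code)));
    return 0;
}
```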