
Re: Missing file

Hi Leif and Assar,

I am using Itoi Naomaru's pam_krb5-1.0-1, too.
I just wonder if this file is needed anyway?

Any comments?


PS We can use Swedish as well if you like.

Maria Pazsit     System Developer    The Chips Project
Chalmers University of Technology    www.chips.chalmers.se

------------- Begin Forwarded Message -------------

X-Address: Department of Mathematics, Stockholm University  S-106 91  
Stockholm SWEDEN
X-Phone: int+46 8 162000
X-Fax: int+46 8 6126717
X-Url: http://www.matematik.su.se
To: Assar Westerlund <assar@sics.se>
cc: Maria Pazsit <mary@chips.chalmers.se>, heimdal-discuss@sics.se
Subject: Re: Missing file 
Date: Fri, 20 Nov 1998 13:23:54 +0100
From: Leif Johansson <leifj@matematik.su.se>

You are absolutely right Assar, it is _not_ very difficult
to get it to compile (wo the password changing stuff yet).
The version of pam_krb5 I am using is 1.0-1.

However I have problems getting krb5_verify_user to
work for me -- my idea was to use that instead of the 
stuff in _krb5_verify_password but I get a strange error 

_krb5_verify_password: Unknown error -1765328343 while verifying user

for the following code (if you skip the pamh stuff you should
be able to reproduce my error message). The situation I am in
is that a user is typing "su". This bit of code is called with
the target user and password:

static int _krb5_verify_password(pam_handle_t *pamh
				 , const char *name, const char *p
				 , unsigned int ctrl)
{
     int retval;
     krb5_error_code code;
     krb5_context context;
     krb5_principal me;
     krb5_ccache ccache = NULL;
     krb5_creds my_creds,tgt_creds;
     char *padcred;
     if (retval = krb5_init_context(&context)) {
       com_err("NI", retval, "initializing krb5 context");
     }

     /* get credential cache */
     if ((code = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))) {
       com_err("_krb5_verify_password", code, "while getting ccache");
       return PAM_AUTH_ERR;
     }

     /* parse from name */
     code = krb5_parse_name (context, name, &me);
     if (code) {
       com_err ("_krb5_verify_password", code, "when parsing name 
       return PAM_AUTH_ERR;
     }
     my_creds.client = me;

     code = krb5_verify_user(context, me, ccache, p, 0, NULL);
     if (code){
       com_err("_krb5_verify_password", code, "while verifying user");
       return PAM_AUTH_ERR;
     }

     /* setup credentials */
     memset((char *)&my_creds, 0, sizeof(my_creds));
     code = krb5_make_principal(context, 
     code = krb5_cc_retrieve_cred(context,

     krb5_cc_destroy(context, ccache);
     padcred = (char *)malloc(sizeof(tgt_creds));
     memcpy(padcred, &tgt_creds, sizeof(tgt_creds));
     pam_set_data(pamh,"krbcred", padcred, _cleanup);
     return PAM_SUCCESS;
}

But this is perhaps not the correct approach... comments?

	MVH leifj

Leif Johansson				Phone: +46 8 164541		
Department of Mathematics		Fax  : +46 8 6126717		
Stockholm University 			email: leifj@matematik.su.se 	

    <This space is left blank for quotational and disclamatory purposes.>

------------- End Forwarded Message -------------
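
Added example, not part of either message and not code from pam_krb5 or Heimdal: the number in the quoted "Unknown error -1765328343" line is a com_err code, which packs an error-table name and an index into one integer, and the sketch below unpacks it. The names et_code, decode_com_err and rfc4120_name are hypothetical helpers; the short list of protocol errors is taken from RFC 4120.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* com_err layout: upper 24 bits hold the table name, six bits per
   character; the low 8 bits are the index inside that table. */
#define ERRCODE_RANGE 8
#define BITS_PER_CHAR 6
static const char char_set[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";

struct et_code {            /* hypothetical helper type */
    char table[5];          /* up to four characters plus NUL */
    unsigned index;
};

static struct et_code decode_com_err(long code)
{
    struct et_code out;
    uint32_t u = (uint32_t)code;   /* two's-complement view of the code */
    uint32_t name = (u >> ERRCODE_RANGE) & 0xFFFFFFu;
    char *p = out.table;
    for (int i = 3; i >= 0; i--) {
        unsigned ch = (name >> (BITS_PER_CHAR * i)) & 0x3Fu;
        if (ch != 0)               /* zero means "no character here" */
            *p++ = char_set[ch - 1];
    }
    *p = '\0';
    out.index = u & 0xFFu;
    return out;
}

/* In the krb5 table a protocol error's index equals its RFC 4120 number. */
static const char *rfc4120_name(unsigned n)
{
    switch (n) {
    case 24: return "KDC_ERR_PREAUTH_FAILED";
    case 31: return "KRB_AP_ERR_BAD_INTEGRITY";
    case 41: return "KRB_AP_ERR_MODIFIED";
    default: return "(not in this short list)";
    }
}

int main(void)
{
    /* the value from the error line quoted in the message above */
    struct et_code e = decode_com_err(-1765328343L);
    printf("%s + %u: %s\n", e.table, e.index, rfc4120_name(e.index));
    return 0;
}
```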