Add an option for pam_krb5 to allow it to authenticate users which don't have

a local account. PR: 76678 Submitted by: daved at tamu.edu MFC after: 2 weeks
author: dfr <dfr@FreeBSD.org> 2012-08-05 13:40:35 +0000
committer: dfr <dfr@FreeBSD.org> 2012-08-05 13:40:35 +0000
commit: 6bdab82e0ad7726e705a69f2d0d5987cf035484b (patch)
tree: a47af54c2216bbd2adab46e2a9bcf75bdf782da2 /lib/libpam
parent: 6596ce24feebde054db04d21ec8be0f4caf6fad2 (diff)
download: FreeBSD-src-6bdab82e0ad7726e705a69f2d0d5987cf035484b.zip
FreeBSD-src-6bdab82e0ad7726e705a69f2d0d5987cf035484b.tar.gz
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 602718f..3d5105d 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -91,6 +91,7 @@ static void	compat_free_data_contents(krb5_context, krb5_data *);
 #define PAM_OPT_NO_CCACHE	"no_ccache"
 #define PAM_OPT_NO_USER_CHECK	"no_user_check"
 #define PAM_OPT_REUSE_CCACHE	"reuse_ccache"
+#define PAM_OPT_NO_USER_CHECK	"no_user_check"
 
 #define	PAM_LOG_KRB5_ERR(ctx, rv, fmt, ...)				\
 	do {								\
@@ -218,10 +219,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 			PAM_LOG("PAM_USER Redone");
 		}
 
-		pwd = getpwnam(user);
-		if (pwd == NULL) {
-			retval = PAM_USER_UNKNOWN;
-			goto cleanup2;
+		if (!openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK)) {
+			pwd = getpwnam(user);
+			if (pwd == NULL) {
+				retval = PAM_USER_UNKNOWN;
+				goto cleanup2;
+			}
 		}
 
 		PAM_LOG("Done getpwnam()");
author	dfr <dfr@FreeBSD.org>	2012-08-05 13:40:35 +0000
committer	dfr <dfr@FreeBSD.org>	2012-08-05 13:40:35 +0000
commit	6bdab82e0ad7726e705a69f2d0d5987cf035484b (patch)
tree	a47af54c2216bbd2adab46e2a9bcf75bdf782da2 /lib/libpam
parent	6596ce24feebde054db04d21ec8be0f4caf6fad2 (diff)
download	FreeBSD-src-6bdab82e0ad7726e705a69f2d0d5987cf035484b.zip FreeBSD-src-6bdab82e0ad7726e705a69f2d0d5987cf035484b.tar.gz