diff options
| author | wollman <wollman@FreeBSD.org> | 1995-04-13 15:20:35 +0000 |
|---|---|---|
| committer | wollman <wollman@FreeBSD.org> | 1995-04-13 15:20:35 +0000 |
| commit | e67b64e7bc27e8c6b65f04a69a87176b0eb3be03 (patch) | |
| tree | 9850e1767877367c533304768922f35ea350b2a5 /usr.bin/login | |
| parent | 7e90d0e2aa65c8b2d3875366c926e675b5991c14 (diff) | |
| download | FreeBSD-src-e67b64e7bc27e8c6b65f04a69a87176b0eb3be03.zip FreeBSD-src-e67b64e7bc27e8c6b65f04a69a87176b0eb3be03.tar.gz | |
Disallow Kerberos when S/Key is required. Fixes PR #339.
Submitted by: Paul Traina <pst@Shockwave.com>
Diffstat (limited to 'usr.bin/login')
| -rw-r--r-- | usr.bin/login/login.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index c10e0e2..86e8c84 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -274,6 +274,17 @@ main(argc, argv) if (pwd) { #ifdef KERBEROS +#ifdef SKEY + /* + * Do not allow user to type in kerberos password + * over the net (actually, this is ok for encrypted + * links, but we have no way of determining if the + * link is encrypted. + */ + if (!permit_password) { + rval = 1; /* failed */ + } else +#endif rval = klogin(pwd, instance, localhost, p); if (rval != 0 && rootlogin && pwd->pw_uid != 0) rootlogin = 0; |
