diff options
Diffstat (limited to 'crypto/kerberosIV/lib/auth/pam')
| -rw-r--r-- | crypto/kerberosIV/lib/auth/pam/Makefile.in | 13 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/pam/README | 10 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/pam/pam.c | 23 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/pam/pam.conf.add | 63 |
4 files changed, 88 insertions, 21 deletions
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.in b/crypto/kerberosIV/lib/auth/pam/Makefile.in index f338fbf..b012fcd 100644 --- a/crypto/kerberosIV/lib/auth/pam/Makefile.in +++ b/crypto/kerberosIV/lib/auth/pam/Makefile.in @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.20 1999/03/10 19:01:14 joda Exp $ +# $Id: Makefile.in,v 1.25 1999/11/15 10:20:48 assar Exp $ # SHELL = /bin/sh @@ -27,12 +27,17 @@ PICFLAGS = @REAL_PICFLAGS@ LDSHARED = @LDSHARED@ SHLIBEXT = @REAL_SHLIBEXT@ LD_FLAGS = @REAL_LD_FLAGS@ + +LIB_res_search = @LIB_res_search@ +LIB_dn_expand = @LIB_dn_expand@ -@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des -L../../roken \ -@lib_deps_yes@ -lkafs -lkrb -ldes -lroken -lc +@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des \ +@lib_deps_yes@ -lkafs -lkrb -ldes \ +@lib_deps_yes@ $(LIB_res_search) $(LIB_dn_expand) -lpam -lc @lib_deps_no@LIB_DEPS = -LIB = pam_krb4.$(SHLIBEXT) +LIBNAME = pam_krb4 +LIB = $(LIBNAME).$(SHLIBEXT) SOURCES = pam.c diff --git a/crypto/kerberosIV/lib/auth/pam/README b/crypto/kerberosIV/lib/auth/pam/README index 9505699..2c45a53 100644 --- a/crypto/kerberosIV/lib/auth/pam/README +++ b/crypto/kerberosIV/lib/auth/pam/README @@ -3,9 +3,8 @@ PAM --- The PAM module was written more out of curiosity that anything else. It -has not been updated for quite a while, since none of us are using -Linux, and Solaris does not support PAM yet. We've had positive reports -from at least one person using the module, though. +has not been updated for quite a while, but it seems to mostly work on +both Linux and Solaris. To use this module you should: @@ -20,6 +19,7 @@ There is currently no support for changing kerberos passwords. Use kpasswd instead. See also Derrick J Brashear's `<shadow@dementia.org>' Kerberos PAM -module at `ftp://ftp.dementia.org/pub/pam'. It has a lot more features, -and it is also more in line with other PAM modules. +module at +<ftp://ftp.dementia.org/pub/pam>. It has a lot more features, and it is +also more in line with other PAM modules. diff --git a/crypto/kerberosIV/lib/auth/pam/pam.c b/crypto/kerberosIV/lib/auth/pam/pam.c index 37a125e..d919bf8 100644 --- a/crypto/kerberosIV/lib/auth/pam/pam.c +++ b/crypto/kerberosIV/lib/auth/pam/pam.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -42,7 +37,7 @@ #ifdef HAVE_CONFIG_H #include<config.h> -RCSID("$Id: pam.c,v 1.18 1999/03/17 22:37:10 assar Exp $"); +RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $"); #endif #include <stdio.h> @@ -150,10 +145,10 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv) pw = getpwuid(getuid()); if(strcmp(user, "root") == 0){ - strcpy_truncate(pr.name, pw->pw_name, sizeof(pr.name)); - strcpy_truncate(pr.instance, "root", sizeof(pr.instance)); + strlcpy(pr.name, pw->pw_name, sizeof(pr.name)); + strlcpy(pr.instance, "root", sizeof(pr.instance)); }else{ - strcpy_truncate(pr.name, user, sizeof(pr.name)); + strlcpy(pr.name, user, sizeof(pr.name)); pr.instance[0] = 0; } pmsg = &msg; @@ -212,7 +207,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { - char *tkt; + char *tkt, *var; void *user; const char *homedir = NULL; @@ -225,7 +220,11 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt); - setenv("KRBTKFILE", tkt, 1); + var = malloc(strlen("KRBTKFILE=") + strlen(tkt) + 1); + strcpy(var, "KRBTKFILE="); + strcat(var, tkt); + putenv(var); + pam_putenv(pamh, var); if(k_hasafs()){ k_setpag(); krb_afslog_home(0, 0, homedir); diff --git a/crypto/kerberosIV/lib/auth/pam/pam.conf.add b/crypto/kerberosIV/lib/auth/pam/pam.conf.add index 1bfb30e..42497d2 100644 --- a/crypto/kerberosIV/lib/auth/pam/pam.conf.add +++ b/crypto/kerberosIV/lib/auth/pam/pam.conf.add @@ -1,3 +1,66 @@ +To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch: + +--- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998 ++++ /etc/pam.conf Tue Nov 30 18:47:22 1999 +@@ -4,12 +4,14 @@ + # + # Authentication management + # ++login auth sufficient /usr/athena/lib/pam_krb4.so + login auth required /usr/lib/security/pam_unix.so.1 + login auth required /usr/lib/security/pam_dial_auth.so.1 + # + rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 + rlogin auth required /usr/lib/security/pam_unix.so.1 + # ++dtlogin auth sufficient /usr/athena/lib/pam_krb4.so + dtlogin auth required /usr/lib/security/pam_unix.so.1 + # + rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 +@@ -24,6 +26,8 @@ + # + # Session management + # ++dtlogin session required /usr/athena/lib/pam_krb4.so ++login session required /usr/athena/lib/pam_krb4.so + other session required /usr/lib/security/pam_unix.so.1 + # + # Password management +--------------------------------------------------------------------------- +To enable PAM in /bin/login and xdm under Red Hat 6.1 apply these patches: + +--- /etc/pam.d/login~ Thu Jul 8 00:14:02 1999 ++++ /etc/pam.d/login Mon Aug 30 14:33:12 1999 +@@ -1,9 +1,12 @@ + #%PAM-1.0 ++# Updated to work with kerberos ++auth sufficient /lib/security/pam_krb4.so + auth required /lib/security/pam_securetty.so + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + password required /lib/security/pam_cracklib.so + password required /lib/security/pam_pwdb.so nullok use_authtok shadow ++session required /lib/security/pam_krb4.so + session required /lib/security/pam_pwdb.so + session optional /lib/security/pam_console.so +--- /etc/pam.d/xdm~ Mon Jun 14 17:39:05 1999 ++++ /etc/pam.d/xdm Mon Aug 30 14:54:51 1999 +@@ -1,8 +1,10 @@ + #%PAM-1.0 ++auth sufficient /lib/security/pam_krb4.so + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + password required /lib/security/pam_cracklib.so + password required /lib/security/pam_pwdb.so shadow nullok use_authtok ++session required /lib/security/pam_krb4.so + session required /lib/security/pam_pwdb.so + session optional /lib/security/pam_console.so +-------------------------------------------------------------------------- + +This stuff may work under some other system. + # To get this to work, you will have to add entries to /etc/pam.conf # # To make login kerberos-aware, you might change pam.conf to look |
