diff -up ./serverruntime/scripts/linux/auth.pl.fix ./serverruntime/scripts/linux/auth.pl
--- ./serverruntime/scripts/linux/auth.pl.fix 2011-12-01 15:38:49.000000000 -0500
+++ ./serverruntime/scripts/linux/auth.pl 2011-12-01 15:39:30.000000000 -0500
@@ -11,9 +11,12 @@
# David McKnight (IBM) - [254785] [dstore] RSE Server assumes home directory on target machine
# David McKnight (IBM) - [262013] [dstore][unix] RSE Daemon fails to start server on HP-UX
# David McKnight (IBM) - [270833] Unify rseserver auth.pl to not use "su -p" on any Platform
+# Jeff Johnston (Red Hat) - [364859] Support Kerberos
#*******************************************************************************
use Shell;
+use Authen::PAM;
+use POSIX qw(ttyname);
if (!defined($ARGV[0]) || !defined($ARGV[1]) || !defined($ARGV[2]) || !defined($ARGV[3]) || !defined($ARGV[4]))
{
@@ -42,7 +45,23 @@ else
chomp($pwdIN);
- @passwdStruct = getpwnam($userIN);
+ @passwdStruct = getpwnam($userIN);
+
+ sub my_conv_func {
+ my @res;
+ while ( @_ ) {
+ my $code = shift;
+ my $msg = shift;
+ my $ans = "";
+
+ $ans = $userIN if ($code == PAM_PROMPT_ECHO_ON() );
+ $ans = $pwdIN if ($code == PAM_PROMPT_ECHO_OFF() );
+
+ push @res, (PAM_SUCCESS(),$ans);
+ }
+ push @res, PAM_SUCCESS();
+ return @res;
+ }
if (@passwdStruct == 0)
{
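Review bot: `my_conv_func` replies to every `PAM_PROMPT_ECHO_OFF` with `$pwdIN` and every `PAM_PROMPT_ECHO_ON` with `$userIN` without looking at `$msg`, so a PAM stack that issues a second hidden prompt (a one-time code, for example) would be handed the login password again; that behaviour should at least be documented. The sub is also declared inside the `else` block, but Perl installs named subs at package scope at compile time, and it reads `$userIN` and `$pwdIN`, which appear to be package globals (no `my` is visible here), so the nesting only misleads the reader. I would move it to file level under a header such as `# PAM conversation callback: echo-on prompts get $userIN, echo-off prompts get $pwdIN, info/error messages get an empty reply.` The enclosing `else` block starts and ends outside this hunk.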
@@ -51,15 +70,21 @@ else
}
else
{
- $passwd=$passwdStruct[1];
$dir=$passwdStruct[7]; # get the user's home dir
- #$passwd = $pass;
-
- $encryptedPWD = crypt($pwdIN, $passwd);
+ # now authenticate the password using Authen::PAM instead
+ # of using passwd in passwdStruct because it does not support
+ # kerberos
+ $service="login";
+ $tty_name = ttyname(fileno(STDIN));
+ ref($pamh = new Authen::PAM($service, $userIN, \&my_conv_func)) ||
+ die "Error code $pamh during PAM init!";
+
+ $res = $pamh->pam_set_item(PAM_TTY(), $tty_name);
+ $res = $pamh->pam_authenticate;
$classpath=$ENV{CLASSPATH};
$suOptions="-";
- if ($passwd eq $encryptedPWD)
+ if ($res == PAM_SUCCESS())
{
print("success\n");
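Review bot: The success test at `if ($res == PAM_SUCCESS())` follows `pam_authenticate` alone; `pam_acct_mgmt` is never called, so an account that is expired, locked or denied by an access rule but still presents a valid password or Kerberos credential is reported as `success`. Add `$res = $pamh->pam_acct_mgmt if ($res == PAM_SUCCESS());` directly after the `pam_authenticate` line. The return value of `pam_set_item` is overwritten unchecked, and `ttyname(fileno(STDIN))` presumably yields undef when the daemon starts the script without a terminal, so guard the call, e.g. `$pamh->pam_set_item(PAM_TTY(), $tty_name) if defined $tty_name;`. Reusing the `login` service also ties this script to whatever the login stack enforces; a dedicated service name would keep the two policies separate. The enclosing `else` block begins above the hunk and the `if` body continues below it.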