version 1.3, 1996/06/26 05:36:00 |
version 1.4, 1997/01/27 20:44:16 |
|
|
#endif |
#endif |
|
|
/* |
/* |
* Root logins don't use Kerberos. |
* Root logins don't use Kerberos (or at least shouldn't be |
|
* sending kerberos passwords around in cleartext), so don't |
|
* allow any root logins here (keeping in mind that we only |
|
* get here with a password). |
|
* |
* If we have a realm, try getting a ticket-granting ticket |
* If we have a realm, try getting a ticket-granting ticket |
* and using it to authenticate. Otherwise, return |
* and using it to authenticate. Otherwise, return |
* failure so that we can try the normal passwd file |
* failure so that we can try the normal passwd file |
* for a password. If that's ok, log the user in |
* for a password. If that's ok, log the user in |
* without issuing any tickets. |
* without issuing any tickets. |
*/ |
*/ |
if (strcmp(pw->pw_name, "root") == 0 || |
if (pw->pw_uid == 0 || krb_get_lrealm(realm, 0) != KSUCCESS) |
krb_get_lrealm(realm, 0) != KSUCCESS) |
|
return (1); |
return (1); |
|
|
/* |
/* |
|
|
dest_tkt(); |
dest_tkt(); |
return (1); |
return (1); |
} |
} |
return (0); |
/* Otherwise, leave ticket around, but make sure |
|
* password matches the Unix password. */ |
|
return (1); |
} |
} |
|
|
if (kerror != KSUCCESS) { |
if (kerror != KSUCCESS) { |