Blob Blame History Raw
diff -up ./serverruntime/scripts/linux/auth.pl.fix ./serverruntime/scripts/linux/auth.pl
--- ./serverruntime/scripts/linux/auth.pl.fix	2011-12-01 15:38:49.000000000 -0500
+++ ./serverruntime/scripts/linux/auth.pl	2011-12-01 15:39:30.000000000 -0500
@@ -11,9 +11,12 @@
 # David McKnight   (IBM)   - [254785] [dstore] RSE Server assumes home directory on target machine
 # David McKnight   (IBM)   - [262013] [dstore][unix] RSE Daemon fails to start server on HP-UX
 # David McKnight   (IBM)   - [270833] Unify rseserver auth.pl to not use "su -p" on any Platform
+# Jeff Johnston    (Red Hat) - [364859] Support Kerberos
 #*******************************************************************************
 
 use Shell;
+use Authen::PAM;
+use POSIX qw(ttyname);
 
 if (!defined($ARGV[0]) || !defined($ARGV[1]) || !defined($ARGV[2]) || !defined($ARGV[3]) || !defined($ARGV[4]))
 {
@@ -42,7 +45,23 @@ else
   chomp($pwdIN);
 
 
-   @passwdStruct = getpwnam($userIN);
+  @passwdStruct = getpwnam($userIN);
+
+  sub my_conv_func {
+    my @res;
+    while ( @_ ) {
+        my $code = shift;
+        my $msg = shift;
+        my $ans = "";
+
+        $ans = $userIN if ($code == PAM_PROMPT_ECHO_ON() );
+        $ans = $pwdIN if ($code == PAM_PROMPT_ECHO_OFF() );
+
+        push @res, (PAM_SUCCESS(),$ans);
+    }
+    push @res, PAM_SUCCESS();
+    return @res;
+  }
 
   if (@passwdStruct == 0)
   {
@@ -51,15 +70,21 @@ else
   }
   else
   {
-    $passwd=$passwdStruct[1];
     $dir=$passwdStruct[7]; # get the user's home dir
-    #$passwd = $pass;
-    
-    $encryptedPWD = crypt($pwdIN, $passwd);
+    # now authenticate the password using Authen::PAM instead
+    # of using passwd in passwdStruct because it does not support
+    # kerberos
+    $service="login";
+    $tty_name = ttyname(fileno(STDIN));
+    ref($pamh = new Authen::PAM($service, $userIN, \&my_conv_func)) ||
+         die "Error code $pamh during PAM init!";
+
+    $res = $pamh->pam_set_item(PAM_TTY(), $tty_name);
+    $res = $pamh->pam_authenticate;
     $classpath=$ENV{CLASSPATH};
     $suOptions="-";
 
-    if ($passwd eq $encryptedPWD)
+    if ($res == PAM_SUCCESS())
     {
 		print("success\n");