[14606] in Kerberos
Valid in 32 yrs
daemon@ATHENA.MIT.EDU (Benjamin P Myers)
Wed Jun 27 16:50:57 2001
Date: Wed, 27 Jun 2001 15:46:20 -0500 (CDT)
From: Benjamin P Myers <dative@sukrahelitek.com>
To: kerberos@mit.edu
Message-ID: <Pine.LNX.4.21.0106271537570.11915-100000@vishnu.sukra.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I was unable to figure out how to get irix's xdm to see my kdc, so i
hacked up xfree86's xdm to see it, here's the relavent part: {$
krb5_get_init_creds_opt options;$
krb5_error_code code = 0;$
krb5_context context;$
krb5_ccache ccache;$
krb5_creds creds;$ memset(&creds, 0, sizeof(krb5_creds));$
krb5_principal princ = NULL;$ krb5_get_init_creds_opt_init(&options); $
char ccache_name[64];$ krb5_get_init_creds_opt_set_forwardable(&options,1);$
sprintf(ccache_name, "/tmp/krb5cc_%d", p->pw_uid);$
$
code = krb5_init_context(&context);$
if ( code != 0 )$
{$
Debug("krb5_init_conext: %d\n", code);$
return(FAILURE);$
}$
$
code = krb5_parse_name(context, greet->name, &princ);$
if ( code != 0 )$
{$
Debug("krb5_parse_name: %d\n", code);$
krb5_free_context(context);$
return(FAILURE);$
}$
$
code = krb5_get_init_creds_password(context, &creds, princ,$
greet->password, NULL, 0,$
time(0),$
NULL,$
&options);$
if( code != 0 )$
{$
Debug("krb5_get_init_creds_password: %d\n", code);$
krb5_free_principal(context, princ);$
krb5_free_context(context);$
return(FAILURE);$
}$
$
code = krb5_cc_resolve(context, ccache_name, &ccache);$
if( code != 0 )$
{$
Debug("krb5_cc_resolve: %d\n", code);$
return(FAILURE);$
}$
$
code = krb5_cc_initialize(context, ccache, princ);$
if( code != 0 )$
{$
Debug("krb5_cc_initialize: %d\n", code);$
return(FAILURE);$
}$
$
code = krb5_cc_store_cred(context, ccache, &creds);$
if( code != 0 )$
{$
Debug("krb5_cc_store_cred: %d\n", code);$
return(FAILURE);$
}$
$
chown(ccache_name, p->pw_uid, p->pw_gid);$
Debug (" able to get kerberos tgt ");$
return(SUCCESS);$ }$
No doubt there's holes galore in this, but i've not found anything else
(no pam for irix?), so i'm stuck w/ it. i've been using it for about a
month, and the biggest problem that i've had is:
> klist
Ticket cache: FILE:/tmp/krb5cc_502 Default principal:
dative@SUKRAHELITEK.COM Valid starting Expires Service principal 12/22/32
09:41:10 12/22/32 09:41:30 krbtgt/SUKRAHELITEK.COM@SUKRAHELITEK.COM
renew until 12/22/32 09:41:30 Kerberos 4 ticket cache: /tmp/tkt502
klist: You have no tickets cached
as you can see the tickets become valid in 32 years. definately not
desireable. wasn't sure if krbdev was for people developing *on* kerb or
*with* krb, so i post here. any helpful hints?
thanks
-ben
