Date: Mon, 15 Dec 1997 23:36:26 -0500 (EST) From: Dan Jacobowitz <drow@drow.net> To: hackers@freebsd.org Subject: passwd issues with kerberos Message-ID: <Pine.BSF.3.96.971215232734.20324A-100000@mars.abcinternet.net>
next in thread | raw e-mail | index | archive | help
<RANDOM_OTHER_QUESTIONS> (First of all - my system somehow ended up using MD5 passwords (don't ask) and my next project for passwd will be to make it switch to DES passwords. That's a site-specific patch more than a FreeBSD issue, although I'll make it available once I get it to work.) Next - is the DES encryption used by kerberosIV and that used by libdescrypt? If so, it may be possible for me to hack kdb_edit to create new principals for all of my users from the passwd databse, once we're back in DES mode. Is there an adduser with kerberos support by any chance? Adding each one is a royal pain - I know there must be a better tool than kdb_edit out there somewhere. </RANDOM_OTHER_QUESTIONS> <!--FOR_NOW--> I have currently kerberos installed - more for the encrypted telnet sessions than anything else - but only I and a few others have kerberos principals. I got royally sick of passwd assuming kerberos (unless passwd -l was explicitly specified - Teach a bunch of idiot users THAT:). So, here's a little patch to /usr/src/usr.bin/passwd/passwd.c which simply checks to see whether the user has a kerberos principal and if not assumes local passwords. Now, I understand this may not be desirable in absolutely all situations - that's why the #ifdef. Feel free to offer opinions/alternatives/improvements. Here goes: *** passwd.c.old Fri Aug 1 02:39:47 1997 --- passwd.c Mon Dec 15 23:16:27 1997 *************** *** 208,215 **** if (!use_local_passwd) { #ifdef KERBEROS if(krb_get_lrealm(realm, 0) == KSUCCESS) { ! fprintf(stderr, "realm %s\n", realm); ! exit(krb_passwd(argv[0], iflag, rflag, uflag)); } #endif } --- 208,221 ---- if (!use_local_passwd) { #ifdef KERBEROS if(krb_get_lrealm(realm, 0) == KSUCCESS) { ! #ifndef HATE_NON_KERBEROS ! if (KDC_PR_UNKNOWN != krb_get_pw_in_tkt(uname, "", realm, "krbtgt", realm, 1, "")) { ! #endif ! fprintf(stderr, "realm %s\n", realm); ! exit(krb_passwd(argv[0], iflag, rflag, uflag)); ! #ifndef HATE_NON_KERBEROS ! } ! #endif } #endif }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971215232734.20324A-100000>