Date:      Mon, 15 Dec 1997 23:36:26 -0500 (EST)
From:      Dan Jacobowitz  <drow@drow.net>
To:        hackers@freebsd.org
Subject:   passwd issues with kerberos
Message-ID:  <Pine.BSF.3.96.971215232734.20324A-100000@mars.abcinternet.net>


<RANDOM_OTHER_QUESTIONS>

(First of all - my system somehow ended up using MD5 passwords (don't ask)
and my next project for passwd will be to make it switch to DES passwords.
That's a site-specific patch more than a FreeBSD issue, although I'll make
it available once I get it to work.)

Next - is the DES encryption used by kerberosIV and that used by
libdescrypt?  If so, it may be possible for me to hack kdb_edit to create
new principals for all of my users from the passwd database, once we're
back in DES mode.

Is there an adduser with kerberos support by any chance?  Adding each one
is a royal pain - I know there must be a better tool than kdb_edit out
there somewhere.

</RANDOM_OTHER_QUESTIONS> <!--FOR_NOW-->

I currently have kerberos installed - more for the encrypted telnet
sessions than anything else - but only I and a few others have kerberos
principals.  I got royally sick of passwd assuming kerberos (unless passwd
-l was explicitly specified - Teach a bunch of idiot users THAT:).  So,
here's a little patch to /usr/src/usr.bin/passwd/passwd.c which simply
checks to see whether the user has a kerberos principal and if not assumes
local passwords.  Now, I understand this may not be desirable in
absolutely all situations - that's why the #ifdef.

Feel free to offer opinions/alternatives/improvements.

Here goes:

*** passwd.c.old	Fri Aug  1 02:39:47 1997
--- passwd.c	Mon Dec 15 23:16:27 1997
***************
*** 208,215 ****
  	if (!use_local_passwd) {
  #ifdef	KERBEROS
  		if(krb_get_lrealm(realm, 0) == KSUCCESS) {
! 			fprintf(stderr, "realm %s\n", realm);
! 			exit(krb_passwd(argv[0], iflag, rflag, uflag));
  		}
  #endif
  	}
--- 208,221 ----
  	if (!use_local_passwd) {
  #ifdef	KERBEROS
  		if(krb_get_lrealm(realm, 0) == KSUCCESS) {
! #ifndef HATE_NON_KERBEROS
! 			if (KDC_PR_UNKNOWN != krb_get_pw_in_tkt(uname, "", realm, "krbtgt", realm, 1, "")) {
! #endif
! 				fprintf(stderr, "realm %s\n", realm);
! 				exit(krb_passwd(argv[0], iflag, rflag, uflag));
! #ifndef HATE_NON_KERBEROS
! 			}
! #endif
  		}
  #endif
  	}
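
Review bot: The test on the krb_get_pw_in_tkt line treats every return value other than KDC_PR_UNKNOWN as "this user has a principal", so any other failure of the probe (for example, the KDC not answering) still sends the user into krb_passwd rather than the local path. If that is intended, a comment at the call should say so; otherwise store the return value and fall back to the local password path on lookup errors as well. The paired #ifndef HATE_NON_KERBEROS blocks also split one if statement across two preprocessor regions with no explanation of the macro; a one-line comment at the first #ifndef stating that defining it restores the unconditional Kerberos behaviour would make the intent clear to whoever builds this.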




