--- /dev/null
+/*
+ * Copyright 2000, International Business Machines Corporation and others.
+ * All Rights Reserved.
+ *
+ * This software has been released under the terms of the IBM Public
+ * License. For details, see the LICENSE file in the top-level source
+ * directory or online at http://www.openafs.org/dl/license10.html
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+
+
+#if defined(AFS_SGI_ENV)
+
+#include <limits.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <afs/kauth.h>
+#include <afs/kautils.h>
+
+extern char *ktc_tkt_string();
+
+/*
+ * authenticate with AFS
+ * returns:
+ * 1 if read password but couldn't authenticate correctly via AFS
+ * 0 if authenticated via AFS correctly
+ */
+int
+afs_verify(char *uname, /* user name trying to log in */
+ char *pword, /* password */
+ afs_int32 * exp, /* expiration time */
+ int quite)
+{ /* no printing */
+ auto char *reason;
+
+ ka_Init(0);
+ /*
+ * The basic model for logging in now, is that *if* there
+ * is a kerberos record for this individual user we will
+ * trust kerberos (provided the user really has an account
+ * locally.) If there is no kerberos record (or the password
+ * were typed incorrectly.) we would attempt to authenticate
+ * against the local password file entry. Naturally, if
+ * both fail we use existing failure code.
+ */
+ if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, uname, /* kerberos name */
+ NULL, /* instance */
+ NULL, /* realm */
+ pword, /* password */
+ 0, /* default lifetime */
+ exp, /* spare 1/expiration */
+ 0, /* spare 2 */
+ &reason /* error string */
+ )) {
+ if (!quite) {
+ printf("Unable to authenticate to AFS because %s\n", reason);
+ printf("proceeding with local authentication...\n");
+ }
+ return 1;
+ }
+ /* authenticated successfully */
+ return 0;
+}
+
+char *
+afs_gettktstring(void)
+{
+ return ktc_tkt_string();
+}
+
+#endif
git://git.openafs.org / openafs.git / blobdiff