version 1.1, 2008/02/11 17:21:34
|
version 1.2, 2010/04/12 20:07:45
|
Line 30
|
Line 30
|
################################################# |
################################################# |
use strict; |
use strict; |
use Authen::Krb5; |
use Authen::Krb5; |
use Authen::Krb4; |
|
|
|
print STDOUT "Enter your LON-CAPA domain, (e.g., msu): "; |
print STDOUT "Enter your LON-CAPA domain, (e.g., msu): "; |
my $domain = <STDIN>; |
my $domain = <STDIN>; |
Line 99 if ($username eq '' || $password eq '')
|
Line 98 if ($username eq '' || $password eq '')
|
if ($version != 4 && $version != 5) { |
if ($version != 4 && $version != 5) { |
$response = "Kerberos check failed - unexpected kerberos version - $version (this should be 4 or 5)"; |
$response = "Kerberos check failed - unexpected kerberos version - $version (this should be 4 or 5)"; |
} else { |
} else { |
my $krbreturn; |
|
if ($version == 5) { |
if ($version == 5) { |
&Authen::Krb5::init_context(); |
$response = &check_krb5($username,$realm,$password); |
my $krbclient = &Authen::Krb5::parse_name($username.'@'.$realm); |
|
my $krbservice = "krbtgt/".$realm."\@".$realm; |
|
my $krbserver = &Authen::Krb5::parse_name($krbservice); |
|
my $credentials= &Authen::Krb5::cc_default(); |
|
$credentials->initialize(&Authen::Krb5::parse_name($username.'@'.$realm)); |
|
if (exists(&Authen::Krb5::get_init_creds_password)) { |
|
$krbreturn = &Authen::Krb5::get_init_creds_password(&Authen::Krb5::parse_name($username.'@'.$realm),$password,$krbservice); |
|
if (ref($krbreturn) eq 'Authen::Krb5::Creds') { |
|
$response = "Kerberos check passed. Kerberos $version. User: $username - response from Authen::Krb5 was Creds object\n"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn"; |
|
} |
|
} else { |
|
$krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
|
$password,$credentials); |
|
if ($krbreturn == 1) { |
|
$response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn"; |
|
} |
|
} |
|
} elsif ($version == 4) { |
} elsif ($version == 4) { |
$krbreturn = |
$response = &check_krb4($username,$realm,$password); |
&Authen::Krb4::get_pw_in_tkt($username,'',$realm,'krbtgt',$realm,1,$password); |
|
if ($krbreturn == 0) { |
|
$response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn"; |
|
} |
|
} |
} |
} |
} |
} else { |
} else { |
Line 139 if ($username eq '' || $password eq '')
|
Line 110 if ($username eq '' || $password eq '')
|
} |
} |
print STDOUT "$response\n"; |
print STDOUT "$response\n"; |
|
|
|
sub check_krb4 { |
|
my ($username,$realm,$password) = @_; |
|
my ($krbreturn,$response); |
|
eval { |
|
require Authen::Krb4; |
|
}; |
|
if (!$@) { |
|
$krbreturn = &Authen::Krb4::get_pw_in_tkt($username,'',$realm,'krbtgt',$realm,1,$password); |
|
if ($krbreturn == 0) { |
|
$response = "Kerberos check passed. Kerberos 4. User: $username - response was $krbreturn"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos 4. User: $username - response was $krbreturn"; |
|
} |
|
} else { |
|
$response = 'Kerberos check failed. Kerberos '.$version. |
|
' requires "perl-Authen-Krb4" which does not appear to be installed.'."\n". |
|
'This may be because you are using revision 1.7 or later of the krb5 package,'. |
|
' which no longer supports Kerberos 4.'."\n".'Checking with Kerberos 5 instead:'."\n". |
|
&check_krb5($username,$realm,$password); |
|
} |
|
return $response; |
|
} |
|
|
|
sub check_krb5 { |
|
my ($username,$realm,$password) = @_; |
|
&Authen::Krb5::init_context(); |
|
my $krbclient = &Authen::Krb5::parse_name($username.'@'.$realm); |
|
my $krbservice = "krbtgt/".$realm."\@".$realm; |
|
my $krbserver = &Authen::Krb5::parse_name($krbservice); |
|
my $credentials= &Authen::Krb5::cc_default(); |
|
$credentials->initialize(&Authen::Krb5::parse_name($username.'@'.$realm)); |
|
my ($krbreturn,$response); |
|
if (exists(&Authen::Krb5::get_init_creds_password)) { |
|
$krbreturn = &Authen::Krb5::get_init_creds_password(&Authen::Krb5::parse_name($username.'@'.$realm), |
|
$password,$krbservice); |
|
if (ref($krbreturn) eq 'Authen::Krb5::Creds') { |
|
$response = "Kerberos check passed. Kerberos 5. User: $username - response from Authen::Krb 5 was Creds object\n"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos 5. User: $username - response was $krbreturn"; |
|
} |
|
} else { |
|
$krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
|
$password,$credentials); |
|
if ($krbreturn == 1) { |
|
$response = "Kerberos check passed. Kerberos 5. User: $username - response was $krbreturn"; |
|
} else { |
|
$response = "Kerberos check failed. Kerberos 5. User: $username - response was $krbreturn"; |
|
} |
|
} |
|
return $response; |
|
} |
|
|