Annotation of loncom/debugging_tools/testkerberos.pl, revision 1.1
1.1 ! raeburn 1: #!/usr/bin/perl
! 2: # The LearningOnline Network
! 3: #
! 4: # testkerberos.pl - Checks if Kerberos authentication is functional in the domain
! 5: #
! 6: # $Id: testkerberos.pl $
! 7: #
! 8: # Copyright Michigan State University Board of Trustees
! 9: #
! 10: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 11: #
! 12: # LON-CAPA is free software; you can redistribute it and/or modify
! 13: # it under the terms of the GNU General Public License as published by
! 14: # the Free Software Foundation; either version 2 of the License, or
! 15: # (at your option) any later version.
! 16: #
! 17: # LON-CAPA is distributed in the hope that it will be useful,
! 18: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 20: # GNU General Public License for more details.
! 21: #
! 22: # You should have received a copy of the GNU General Public License
! 23: # along with LON-CAPA; if not, write to the Free Software
! 24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 25: #
! 26: # /home/httpd/html/adm/gpl.txt
! 27: #
! 28: # http://www.lon-capa.org/
! 29: #
! 30: #################################################
! 31: use strict;
! 32: use Authen::Krb5;
! 33: use Authen::Krb4;
! 34:
! 35: print STDOUT "Enter your LON-CAPA domain, (e.g., msu): ";
! 36: my $domain = <STDIN>;
! 37: chomp($domain);
! 38: print STDOUT "Enter the Kerberos version (4 or 5): ";
! 39: my $version = <STDIN>;
! 40: chomp($version);
! 41: print STDOUT "Enter the Kerberos realm, (e.g., MSU.EDU): ";
! 42: my $realm = <STDIN>;
! 43: chomp($realm);
! 44: print STDOUT "Enter a username which uses Kerberos authentication: ";
! 45: my $username = <STDIN>;
! 46: chomp($username);
! 47: print STDOUT "Enter the password for this user: ";
! 48: system ("stty -echo");
! 49: my $password= <STDIN>;
! 50: system ("stty echo");
! 51: chomp ($password);
! 52: print STDOUT "\n";
! 53:
! 54: my $response;
! 55: if ($username eq '' || $password eq '') {
! 56: $response = "Kerberos check failed - either the username or the password was blank";
! 57: } else {
! 58: my $domaintab = '/home/httpd/lonTabs/domain.tab';
! 59: if ($domain eq '') {
! 60: print STDOUT "Warning: Domain is blank. It will not be possible to retrieve default authentication information for the domain.\n";
! 61: } else {
! 62: if (-e "$domaintab") {
! 63: my ($howpwd,$contentpwd);
! 64: if (open(my $fh,"<$domaintab")) {
! 65: my @lines = <$fh>;
! 66: close($fh);
! 67: chomp(@lines);
! 68: foreach my $line (@lines) {
! 69: next if ($line =~ /^#/);
! 70: my ($dom,$desc,$auth,$autharg,$lang,$loc,$long,$lat,$primary) = split(/:/,$line);
! 71: if ($dom eq $domain) {
! 72: $howpwd = $auth;
! 73: $contentpwd = $autharg;
! 74: last;
! 75: }
! 76: }
! 77: } else {
! 78: print STDOUT "Warning: could not open $domaintab to retrieve default authentication information for the domain: $domain.\n";
! 79: }
! 80: if ($howpwd eq '' || $contentpwd eq '') {
! 81: print STDOUT "Warning: could not determine default authentication and/or argument from $domaintab for domain: $domain\n";
! 82: } else {
! 83: if ($howpwd =~ /^krb(4|5)$/) {
! 84: if ($1 ne $version) {
! 85: print STDOUT "Warning: the default Kerberos authentication in $domaintab for domain: $domain is $1 which is different to the version - $version - which you are currently checking.\n";
! 86: }
! 87: } else {
! 88: print STDOUT "Warning: the default authentication - $howpwd - in $domaintab for this domain ($domain) is not for Kerberos authentication\n";
! 89: }
! 90: if ($contentpwd ne $realm) {
! 91: print STDOUT "Warning: the default Kerberos realm from $domaintab for domain: $domain is $contentpwd which is different to the realm - $realm - you are currently checking\n";
! 92: }
! 93: }
! 94: } else {
! 95: print STDOUT "Warning: could not access $domaintab to retrieve default authentication information for the domain.\n";
! 96: }
! 97: }
! 98: if ($realm ne '') {
! 99: if ($version != 4 && $version != 5) {
! 100: $response = "Kerberos check failed - unexpected kerberos version - $version (this should be 4 or 5)";
! 101: } else {
! 102: my $krbreturn;
! 103: if ($version == 5) {
! 104: &Authen::Krb5::init_context();
! 105: my $krbclient = &Authen::Krb5::parse_name($username.'@'.$realm);
! 106: my $krbservice = "krbtgt/".$realm."\@".$realm;
! 107: my $krbserver = &Authen::Krb5::parse_name($krbservice);
! 108: my $credentials= &Authen::Krb5::cc_default();
! 109: $credentials->initialize(&Authen::Krb5::parse_name($username.'@'.$realm));
! 110: if (exists(&Authen::Krb5::get_init_creds_password)) {
! 111: $krbreturn = &Authen::Krb5::get_init_creds_password(&Authen::Krb5::parse_name($username.'@'.$realm),$password,$krbservice);
! 112: if (ref($krbreturn) eq 'Authen::Krb5::Creds') {
! 113: $response = "Kerberos check passed. Kerberos $version. User: $username - response from Authen::Krb5 was Creds object\n";
! 114: } else {
! 115: $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
! 116: }
! 117: } else {
! 118: $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
! 119: $password,$credentials);
! 120: if ($krbreturn == 1) {
! 121: $response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn";
! 122: } else {
! 123: $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
! 124: }
! 125: }
! 126: } elsif ($version == 4) {
! 127: $krbreturn =
! 128: &Authen::Krb4::get_pw_in_tkt($username,'',$realm,'krbtgt',$realm,1,$password);
! 129: if ($krbreturn == 0) {
! 130: $response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn";
! 131: } else {
! 132: $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
! 133: }
! 134: }
! 135: }
! 136: } else {
! 137: $response = "Kerberos check failed - Kerberos realm is blank";
! 138: }
! 139: }
! 140: print STDOUT "$response\n";
! 141:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to testkerberos.pl CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / debugging_tools