diff -up ./serverruntime/scripts/linux/auth.pl.fix ./serverruntime/scripts/linux/auth.pl
--- ./serverruntime/scripts/linux/auth.pl.fix 2011-12-01 15:38:49.000000000 -0500
+++ ./serverruntime/scripts/linux/auth.pl 2011-12-01 15:39:30.000000000 -0500
@@ -11,9 +11,12 @@
 # David McKnight (IBM) - [254785] [dstore] RSE Server assumes home directory on target machine
 # David McKnight (IBM) - [262013] [dstore][unix] RSE Daemon fails to start server on HP-UX
 # David McKnight (IBM) - [270833] Unify rseserver auth.pl to not use "su -p" on any Platform
+# Jeff Johnston (Red Hat) - [364859] Support Kerberos
 #*******************************************************************************
 use Shell;
+use Authen::PAM;
+use POSIX qw(ttyname);
 if (!defined($ARGV[0]) || !defined($ARGV[1]) || !defined($ARGV[2]) || !defined($ARGV[3]) || !defined($ARGV[4]))
 {
@@ -42,7 +45,23 @@ else
 chomp($pwdIN);
- @passwdStruct = getpwnam($userIN);
+ @passwdStruct = getpwnam($userIN);
+
+ sub my_conv_func {
+ my @res;
+ while ( @_ ) {
+ my $code = shift;
+ my $msg = shift;
+ my $ans = "";
+
+ $ans = $userIN if ($code == PAM_PROMPT_ECHO_ON() );
+ $ans = $pwdIN if ($code == PAM_PROMPT_ECHO_OFF() );
+
+ push @res, (PAM_SUCCESS(),$ans);
+ }
+ push @res, PAM_SUCCESS();
+ return @res;
+ }
 if (@passwdStruct == 0)
 {
@@ -51,15 +70,21 @@ else
 }
 else
 {
- $passwd=$passwdStruct[1];
 $dir=$passwdStruct[7]; # get the user's home dir
- #$passwd = $pass;
-
- $encryptedPWD = crypt($pwdIN, $passwd);
+ # now authenticate the password using Authen::PAM instead
+ # of using passwd in passwdStruct because it does not support
+ # kerberos
+ $service="login";
+ $tty_name = ttyname(fileno(STDIN));
+ ref($pamh = new Authen::PAM($service, $userIN, \&my_conv_func)) ||
+ die "Error code $pamh during PAM init!";
+
+ $res = $pamh->pam_set_item(PAM_TTY(), $tty_name);
+ $res = $pamh->pam_authenticate;
 $classpath=$ENV{CLASSPATH};
 $suOptions="-";
- if ($passwd eq $encryptedPWD)
+ if ($res == PAM_SUCCESS())
 {
 print("success\n");
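Review bot: `my_conv_func` answers every `PAM_PROMPT_ECHO_OFF` prompt with `$pwdIN` and every `PAM_PROMPT_ECHO_ON` prompt with `$userIN` without ever looking at `$msg`, which is shifted off and then unused. On a PAM stack that prompts for anything beyond a single password (a second factor, for instance) the account password would be supplied to that prompt too, so the assumption deserves a comment above the sub, e.g. `# Assumes the stack prompts only for the user name (echo on) and the password (echo off).` The sub is also a named sub declared inside a branch; Perl compiles named subs once at file scope regardless of where they appear, so moving it to the top level would match what actually happens. The enclosing block starts outside this hunk.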
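Review bot: Only `pam_authenticate` is consulted before `success` is printed; `pam_acct_mgmt` is never called, so checks that PAM performs in the account phase (expiry, access restrictions) are skipped on stacks that rely on them. Chain it after the authenticate call with `$res = $pamh->pam_acct_mgmt if ($res == PAM_SUCCESS());`. The result of `pam_set_item` is overwritten on the next line without being inspected, and `ttyname(fileno(STDIN))` may return nothing when stdin is not a terminal, which looks likely if the password is piped in by the daemon; guarding it as `$pamh->pam_set_item(PAM_TTY(), $tty_name) if defined($tty_name);` makes that case explicit. The hard-coded `"login"` service also ties this script to whatever the interactive login stack enforces, which is worth a comment or a dedicated service name. The `else` body continues past the end of the hunk.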