summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2001-02-08 18:39:36 +0000
committerGerald Carter <jerry@samba.org>2001-02-08 18:39:36 +0000
commitb5eb73d9aa3e25aee0ef800961dc8345229fc779 (patch)
treeb34754f01f913a2780de12c8b28e6065bfba9522
parenta44daf2961b0c5aa5bb64d42d44a49cce38a9e38 (diff)
downloadsamba-b5eb73d9aa3e25aee0ef800961dc8345229fc779.tar.gz
samba-b5eb73d9aa3e25aee0ef800961dc8345229fc779.tar.bz2
samba-b5eb73d9aa3e25aee0ef800961dc8345229fc779.zip
add pam_setcred() call to pam_auth(). Patch was submited last Oct.
jerry (This used to be commit 57165d1578eefa270d5c0bd8697a774eb8cb06cf)
-rw-r--r--source3/auth/pass_check.c8
-rw-r--r--source3/passdb/pass_check.c8
2 files changed, 16 insertions, 0 deletions
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index aea543d853..c803816e04 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -134,6 +134,14 @@ static BOOL pam_auth(char *user, char *password)
* put a pam_allow.so entry in /etc/pam.conf for account handling. */
pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_BAIL;
+
+ /*
+ * This will allow samba to aquire a kerberos token. And, when
+ * exporting an AFS cell, be able to /write/ to this cell.
+ */
+ pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
+ PAM_BAIL;
+
pam_end(pamh, PAM_SUCCESS);
/* If this point is reached, the user has been authenticated. */
return (True);
diff --git a/source3/passdb/pass_check.c b/source3/passdb/pass_check.c
index aea543d853..c803816e04 100644
--- a/source3/passdb/pass_check.c
+++ b/source3/passdb/pass_check.c
@@ -134,6 +134,14 @@ static BOOL pam_auth(char *user, char *password)
* put a pam_allow.so entry in /etc/pam.conf for account handling. */
pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_BAIL;
+
+ /*
+ * This will allow samba to aquire a kerberos token. And, when
+ * exporting an AFS cell, be able to /write/ to this cell.
+ */
+ pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
+ PAM_BAIL;
+
pam_end(pamh, PAM_SUCCESS);
/* If this point is reached, the user has been authenticated. */
return (True);