diff --git a/appl/login/login.c b/appl/login/login.c index d346ebe0a..5e6032e34 100644 --- a/appl/login/login.c +++ b/appl/login/login.c @@ -181,21 +181,19 @@ krb5_to4 (krb5_ccache id) int get_v4_tgt; - get_v4_tgt = krb5_config_get_bool(context, NULL, - "libdefaults", - "krb4_get_tickets", - NULL); - ret = krb5_cc_get_principal(context, id, &princ); - if (ret == 0) { - get_v4_tgt = krb5_config_get_bool_default(context, NULL, - get_v4_tgt, - "realms", - *krb5_princ_realm(context, - princ), - "krb4_get_tickets", - NULL); + if(ret == 0) { + krb5_appdefault_boolean(context, "login", + krb5_principal_get_realm(context, princ), + "krb4_get_tickets", FALSE, &get_v4_tgt); krb5_free_principal(context, princ); + } else { + krb5_realm realm = NULL; + krb5_get_default_realm(context, &realm); + krb5_appdefault_boolean(context, "login", + realm, + "krb4_get_tickets", FALSE, &get_v4_tgt); + free(realm); } if (get_v4_tgt) { diff --git a/appl/xnlock/xnlock.c b/appl/xnlock/xnlock.c index 44defc727..72d4af16b 100644 --- a/appl/xnlock/xnlock.c +++ b/appl/xnlock/xnlock.c @@ -579,6 +579,7 @@ verify_krb5(const char *password) { krb5_error_code ret; krb5_ccache id; + krb5_boolean get_v4_tgt; krb5_cc_default(context, &id); ret = krb5_verify_user(context, @@ -589,10 +590,10 @@ verify_krb5(const char *password) NULL); if (ret == 0){ #ifdef KRB4 - if (krb5_config_get_bool(context, NULL, - "libdefaults", - "krb4_get_tickets", - NULL)) { + krb5_appdefault_boolean(context, "xnlock", + krb5_principal_get_realm(context, client), + "krb4_get_tickets", FALSE, &get_v4_tgt); + if(get_v4_tgt) { CREDENTIALS c; krb5_creds mcred, cred; diff --git a/lib/auth/afskauthlib/verify.c b/lib/auth/afskauthlib/verify.c index c45b764ae..0dcb7c255 100644 --- a/lib/auth/afskauthlib/verify.c +++ b/lib/auth/afskauthlib/verify.c @@ -163,49 +163,53 @@ verify_krb5(struct passwd *pwd, } #ifdef KRB4 - if (krb5_config_get_bool(context, NULL, - "libdefaults", - "krb4_get_tickets", - NULL)) { - CREDENTIALS c; - krb5_creds mcred, cred; - krb5_realm realm; + { + krb5_realm realm = NULL; + krb5_boolean get_v4_tgt; - krb5_cc_clear_mcred(&mcred); + krb5_get_default_realm(context, &realm); + krb5_appdefault_boolean(context, "afskauthlib", + realm, + "krb4_get_tickets", FALSE, &get_v4_tgt); + if (get_v4_tgt) { + CREDENTIALS c; + krb5_creds mcred, cred; - krb5_get_default_realm(context, &realm); - krb5_make_principal(context, &mcred.server, realm, - "krbtgt", - realm, - NULL); - free (realm); - ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); - if(ret == 0) { - ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c); - if(ret) - krb5_warn(context, ret, "converting creds"); - else { - set_krbtkfile(pwd->pw_uid); - tf_setup(&c, c.pname, c.pinst); - } - memset(&c, 0, sizeof(c)); - krb5_free_cred_contents(context, &cred); - } else - syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", - krb5_get_err_text(context, ret)); + krb5_cc_clear_mcred(&mcred); + + krb5_make_principal(context, &mcred.server, realm, + "krbtgt", + realm, + NULL); + ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); + if(ret == 0) { + ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c); + if(ret) + krb5_warn(context, ret, "converting creds"); + else { + set_krbtkfile(pwd->pw_uid); + tf_setup(&c, c.pname, c.pinst); + } + memset(&c, 0, sizeof(c)); + krb5_free_cred_contents(context, &cred); + } else + syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", + krb5_get_err_text(context, ret)); - krb5_free_principal(context, mcred.server); - } - if (!pag_set && k_hasafs()) { - k_setpag(); - pag_set = 1; - } + krb5_free_principal(context, mcred.server); + } + free (realm); + if (!pag_set && k_hasafs()) { + k_setpag(); + pag_set = 1; + } - if (pag_set) - krb5_afslog_uid_home(context, ccache, NULL, NULL, - pwd->pw_uid, pwd->pw_dir); + if (pag_set) + krb5_afslog_uid_home(context, ccache, NULL, NULL, + pwd->pw_uid, pwd->pw_dir); + } #endif -out: + out: if(ret && !quiet) printf ("%s\n", krb5_get_err_text (context, ret)); return ret;