(do_login): only do krb4_get_afs_tokens if we have done v4

authentication or done a 5to4 conversion of tickets. This is to avoid
delays on a realm that only support Kerberos 5 and drop Kerberos 4
requests.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15839 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-08-08 12:31:57 +00:00
parent 6a76da5c65
commit 9db7cfbc36

View File

@@ -134,6 +134,10 @@ exec_shell(const char *shell, int fallback)
static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
#ifdef KRB4
static krb5_boolean get_v4_tgt = FALSE;
#endif
#ifdef OTP
static OtpContext otp_ctx;
@@ -182,8 +186,6 @@ krb5_to4 (krb5_ccache id)
krb5_error_code ret;
krb5_principal princ;
int get_v4_tgt;
ret = krb5_cc_get_principal(context, id, &princ);
if(ret == 0) {
krb5_appdefault_boolean(context, "login",
@@ -235,6 +237,8 @@ krb5_to4 (krb5_ccache id)
memset(&c, 0, sizeof(c));
krb5_free_cred_contents(context, &cred);
}
if (ret != 0)
get_v4_tgt = FALSE;
krb5_free_principal(context, mcred.server);
krb5_free_principal(context, mcred.client);
}
@@ -614,7 +618,8 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
#endif /* KRB5 */
#ifdef KRB4
krb4_get_afs_tokens (pwd);
if (auth == AUTH_KRB4 || get_v4_tgt)
krb4_get_afs_tokens (pwd);
#endif /* KRB4 */
add_env("PATH", _PATH_DEFPATH);
@@ -716,7 +721,7 @@ main(int argc, char **argv)
int try;
char username[32];
int optind = 0;
int optidx = 0;
int ask = 1;
struct sigaction sa;
@@ -736,10 +741,10 @@ main(int argc, char **argv)
openlog("login", LOG_ODELAY, LOG_AUTH);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
&optidx))
usage (1);
argc -= optind;
argv += optind;
argc -= optidx;
argv += optidx;
if(help_flag)
usage(0);