head	1.10;
access;
symbols
	RELEASE_5_1_0:1.7
	RELEASE_4_8_0:1.7
	RELEASE_5_0_0:1.7
	RELEASE_4_7_0:1.5;
locks; strict;
comment	@# @;


1.10
date	2004.02.28.21.37.18;	author cy;	state dead;
branches;
next	1.9;

1.9
date	2004.01.26.04.10.56;	author cy;	state Exp;
branches;
next	1.8;

1.8
date	2003.08.08.01.42.00;	author cy;	state dead;
branches;
next	1.7;

1.7
date	2002.11.05.06.51.29;	author cy;	state Exp;
branches;
next	1.6;

1.6
date	2002.10.15.04.25.18;	author cy;	state dead;
branches;
next	1.5;

1.5
date	2002.08.20.21.25.23;	author cy;	state Exp;
branches;
next	1.4;

1.4
date	2002.05.14.21.35.13;	author cy;	state dead;
branches;
next	1.3;

1.3
date	2002.04.13.16.33.14;	author cy;	state Exp;
branches;
next	1.2;

1.2
date	2002.03.08.14.38.43;	author cy;	state dead;
branches;
next	1.1;

1.1
date	2002.02.10.22.45.28;	author cy;	state Exp;
branches;
next	;


desc
@@


1.10
log
@MIT KRB5 1.3.2 has been released. Remove the beta.
@
text
@--- appl/bsd/login.c.orig	Tue May 27 21:06:25 2003
+++ appl/bsd/login.c	Tue Jul 29 20:52:25 2003
@@@@ -1342,19 +1342,6 @@@@
 		setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 	    }
 
-	    /* Policy: If local password is good, user is good.
-	       We really can't trust the Kerberos password,
-	       because somebody on the net could spoof the
-	       Kerberos server (not easy, but possible).
-	       Some sites might want to use it anyways, in
-	       which case they should change this line
-	       to:
-	       if (kpass_ok)
-	    */
-
-	    if (lpass_ok)
-		break;
-
 	    if (got_v5_tickets) {
 		retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
 						NULL, &xtra_creds,
@@@@ -1378,6 +1365,9 @@@@
 	    }
 #endif /* KRB4_GET_TICKETS */
 
+	    if (lpass_ok)
+		break;
+
 	bad_login:
 	    setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 
@@@@ -1667,21 +1657,23 @@@@
 	/* set up credential cache -- obeying KRB5_ENV_CCNAME 
 	   set earlier */
 	/* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
-	if ((retval = krb5_cc_default(kcontext, &ccache))) {
+	if ((retval = krb5_cc_default(kcontext, &ccache)))
 	    com_err(argv[0], retval, "while getting default ccache");
-	} else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) {
-	    com_err(argv[0], retval, "when initializing cache");
-	} else if ((retval = krb5_cc_store_cred(kcontext, ccache, 
-						&my_creds))) {
-	    com_err(argv[0], retval, "while storing credentials");
-	} else if (xtra_creds &&
-		   (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
-						ccache))) {
-	    com_err(argv[0], retval, "while storing credentials");
+	else {
+	    if (retval = krb5_cc_initialize(kcontext, ccache, me))
+		com_err(argv[0], retval, "when initializing cache");
+	    else {
+		if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds))
+		    com_err(argv[0], retval, "while storing credentials");
+		else  {
+		    if (xtra_creds &&
+				(retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) {
+			com_err(argv[0], retval, "while storing credentials");
+			krb5_cc_destroy(kcontext, xtra_creds);
+		    }
+		}
+	    }
 	}
-
-	if (xtra_creds)
-	    krb5_cc_destroy(kcontext, xtra_creds);
     } else if (forwarded_v5_tickets && rewrite_ccache) {
 	if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
 	    syslog(LOG_ERR,
@@@@ -1762,6 +1754,7 @@@@
 
     if (ccname)
 	setenv("KRB5CCNAME", ccname, 1);
+    krb5_cc_set_default_name(kcontext, ccname);
 
     setenv("HOME", pwd->pw_dir, 1);
     setenv("PATH", LPATH, 1);
@


1.9
log
@Brand new MIT KRB5 beta.
@
text
@@


1.8
log
@MIT KRB5 1.3 has been released. Remove the beta.
@
text
@d1 3
a3 3
--- appl/bsd/login.c.ORIG	Wed Oct 13 12:55:47 1999
+++ appl/bsd/login.c	Wed Oct 13 12:56:29 1999
@@@@ -1303,19 +1304,6 @@@@
d21 3
a23 3
 		if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
 						    NULL, &xtra_creds,
@@@@ -1338,6 +1326,9 @@@@
d33 1
a33 1
@@@@ -1640,20 +1631,28 @@@@
d37 2
a38 3
-	if (retval = krb5_cc_default(kcontext, &ccache)) {
+	retval = krb5_cc_default(kcontext, &ccache);
+	if (retval)
d40 1
a40 1
-	} else if (retval = krb5_cc_initialize(kcontext, ccache, me)) {
d42 2
a43 1
-	} else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) {
d50 1
a50 2
+	    retval = krb5_cc_initialize(kcontext, ccache, me);
+	    if (retval)
d53 1
a53 2
+		retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
+		if (retval)
d56 3
a58 5
+		    if (xtra_creds) {
+			retval = krb5_cc_copy_creds(kcontext, xtra_creds,
+						ccache);
+			if (retval)
+			    com_err(argv[0], retval, "while storing credentials");
d70 1
a70 1
@@@@ -1727,6 +1727,7 @@@@
@


1.7
log
@New MIT Kerberos V beta, version 1.2.7-beta1.
@
text
@@


1.6
log
@MIT KRB5 1.2.6 has been GA for some time. Remove the beta.
@
text
@@


1.5
log
@New MIT Kerberos V beta, V 1.2.6-beta1.
@
text
@@


1.4
log
@Removing krb5-beta port.  As krb5-1.2.5 went GA 14 days ago, krb5-beta
is not relevant at this time.
@
text
@@


1.3
log
@New MIT Kerberos V beta, V 1.2.5-beta1.
@
text
@@


1.2
log
@Removing krb5-beta port.  Krb5-beta is a "test" port to allow FreeBSD users
the opportunity to use/test the upcoming krb5 before it is released.
Krb5-1.2.4 was released over a week ago superceeding this port.  This port
will be resurrected when a new krb5-beta becomes available.
@
text
@@


1.1
log
@New port, Kerberos V 1.2.4-beta1.
@
text
@@

