d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add an option for pam_krb5 to allow it to authenticate users which don't have

Browse Source 
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
This commit is contained in:
Doug Rabson 2012-08-05 13:40:35 +00:00
parent f261daf5fc
commit 957487515e
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/libpam/modules/pam_krb5/pam_krb5.c
View File

@ -91,6 +91,7 @@ static void compat_free_data_contents(krb5_context, krb5_data *);
#define PAM_OPT_NO_CCACHE "no_ccache"
#define PAM_OPT_NO_USER_CHECK "no_user_check"
#define PAM_OPT_REUSE_CCACHE "reuse_ccache"
#define PAM_OPT_NO_USER_CHECK "no_user_check"
#define PAM_LOG_KRB5_ERR(ctx, rv, fmt, ...) \
do { \
@ -218,10 +219,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("PAM_USER Redone");
}
pwd = getpwnam(user);
if (pwd == NULL) {
retval = PAM_USER_UNKNOWN;
goto cleanup2;
if (!openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK)) {
pwd = getpwnam(user);
if (pwd == NULL) {
retval = PAM_USER_UNKNOWN;
goto cleanup2;
}
}
PAM_LOG("Done getpwnam()");