CONFIG_STR(realm)
CONFIG_STR(admin_principal)
-CONFIG_STR(admin_keytab)
-
CONFIG_STR(admin_bind_userid)
-CONFIG_STR(admin_bind_keytab)
CONFIG_STR(privileged_group)
kadm5_config_params params;
memset((void *) ¶ms, 0, sizeof(params));
- retval = kadm5_init_with_skey(admin_principal, admin_keytab,
+ retval = kadm5_init_with_skey(admin_principal, NULL /*admin_keytab */,
KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2, &handle);
if (retval) {
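Review bot: Passing `NULL` as the keytab to `kadm5_init_with_skey` makes the library fall back to the process's default keytab, so the admin principal's key now has to sit in the same file as whatever host and service keys that keytab already holds. The `krb5_get_init_creds_keytab(..., NULL, ...)` call in `ceo_krb5_auth` does the same for the bind principal. Either that shared file becomes readable by this program, or the program runs with enough privilege to read it; the change does not say which is intended. The leftover `/*admin_keytab */` names a setting this commit deletes, so I would write `NULL /* default keytab: KRB5_KTNAME or default_keytab_name */` and document the expected keytab owner and mode next to the configuration. The `if (retval) {` body continues outside the hunk.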
#include <stdio.h>
+
#include <krb5.h>
#include <syslog.h>
com_err(prog, retval, "while setting default realm");
}
-void ceo_krb5_auth(char *principal, char *ktname) {
+void ceo_krb5_auth(char *principal) {
krb5_error_code retval;
krb5_creds creds;
krb5_principal princ;
- krb5_keytab keytab;
krb5_ccache cache;
krb5_get_init_creds_opt options;
if ((retval = krb5_cc_default(context, &cache)))
com_err(prog, retval, "while resolving credentials cache");
- if ((retval = krb5_kt_resolve(context, ktname, &keytab)))
- com_err(prog, retval, "while resolving keytab %s", admin_bind_keytab);
-
- if ((retval = krb5_get_init_creds_keytab(context, &creds, princ, keytab, 0, NULL, &options)))
+ if ((retval = krb5_get_init_creds_keytab(context, &creds, princ, NULL, 0, NULL, &options)))
com_err(prog, retval, "while getting initial credentials");
if ((retval = krb5_cc_initialize(context, cache, princ)))
com_err(prog, retval, "while storing credentials");
krb5_free_cred_contents(context, &creds);
- krb5_kt_close(context, keytab);
krb5_free_principal(context, princ);
krb5_cc_close(context, cache);
}
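Review bot: With the `krb5_kt_resolve` step removed, a missing or unreadable keytab in `ceo_krb5_auth` is reported only as "while getting initial credentials", with nothing naming the keytab or the principal that was tried. I would put `/* NULL keytab: libkrb5 resolves the default keytab */` above the call and change the message to `com_err(prog, retval, "while getting initial credentials for %s from the default keytab", principal);`. The visible error paths call `com_err` and then fall through; if `com_err` does not terminate the program here, a failed credential fetch would still reach `krb5_cc_initialize` and `krb5_free_cred_contents`, which is worth confirming. Some lines of the function body appear to lie outside the visible hunk, so this is based only on what is shown.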
void ceo_krb5_init();
void ceo_krb5_cleanup();
-void ceo_krb5_auth(char *, char *);
+void ceo_krb5_auth(char *);
void ceo_krb5_deauth();
int ceo_read_password(char *, unsigned int, int);
int proto = LDAP_DEFAULT_PROTOCOL;
const char *sasl_mech = "GSSAPI";
- if (!admin_bind_userid || !admin_bind_keytab)
+ if (!admin_bind_userid)
fatal("not configured");
if (ldap_initialize(&ld, server_url) != LDAP_SUCCESS)
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) != LDAP_OPT_SUCCESS)
ldap_fatal("ldap_set_option");
- ceo_krb5_auth(admin_bind_userid, admin_bind_keytab);
+ ceo_krb5_auth(admin_bind_userid);
if (ldap_sasl_interactive_bind_s(ld, NULL, sasl_mech, NULL, NULL,
LDAP_SASL_QUIET, &ldap_sasl_interact, NULL) != LDAP_SUCCESS)