While recently setting up a Cosign installation, we needed to explicitly
set the Kerberos principal Cosign uses. The attached patch lets the
configuration variable "cosignprincipal" in cosign.conf set the
principal that Cosign authenticates to Kerberos as. We thought
this might be helpful to other users as well, so we are giving it to the
community. The patch was created against v3.0.2.
Cheers,
Jason Noble
The Linuxbox
http://www.linuxbox.com
diff --git a/cgi/login.c b/cgi/login.c
index 251d534..89beb13 100644
--- a/cgi/login.c
+++ b/cgi/login.c
@@ -13,6 +13,7 @@
#include <crypt.h>
# endif
#include <ctype.h>
+#include <syslog.h>
#ifdef KRB
#include <krb5.h>
@@ -36,6 +37,7 @@
#ifdef KRB
static char *keytab_path = _KEYTAB_PATH;
static char *ticket_path = _COSIGN_TICKET_CACHE;
+static char *cosign_princ = NULL;
#endif /* KRB */
extern char *cosign_host, *cosign_conf;
@@ -79,6 +81,9 @@ lcgi_configure()
if (( val = cosign_config_get( COSIGNTICKKEY )) != NULL ) {
ticket_path = val;
}
+ if (( val = cosign_config_get( COSIGNPRINCIPALKEY )) != NULL ) {
+ cosign_princ = val;
+ }
# endif /* KRB */
# ifdef SQL_FRIEND
@@ -326,17 +331,28 @@ cosign_login_krb5( struct connlist *head, char *cosignname, char *id,
exit( 0 );
}
- if (( kerror = krb5_sname_to_principal( kcontext, NULL, "cosign",
- KRB5_NT_SRV_HST, &sprinc )) != 0 ) {
+ if (cosign_princ) {
+ kerror = krb5_parse_name( kcontext, cosign_princ, &sprinc);
+ } else {
+ if (( kerror = krb5_sname_to_principal( kcontext, NULL,
+ "cosign",
+ KRB5_NT_SRV_HST,
+ &sprinc )) != 0 ) {
sl[ SL_ERROR ].sl_data = (char *)error_message( kerror );
sl[ SL_TITLE ].sl_data = "Server Principal Error";
subfile( tmpl, sl, 0 );
exit( 0 );
+ }
}
if (( kerror = krb5_verify_init_creds(
kcontext, &kcreds, sprinc, keytab, NULL, kvic_opts )) != 0 ) {
- sl[ SL_ERROR ].sl_data = (char *)error_message( kerror );
+ /* sl[ SL_ERROR ].sl_data = (char *)error_message( kerror ); */
+ int code;
+ char *name;
+ code = krb5_unparse_name( kcontext, sprinc, &name);
+ syslog(LOG_INFO, "princ is: %s\n", name);
+ //free(name);
sl[ SL_TITLE ].sl_data = "Ticket Verify Error";
subfile( tmpl, sl, 0 );
krb5_free_principal( kcontext, sprinc );
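Review bot: When `cosign_princ` is set, the result of `krb5_parse_name()` is never checked, because the `kerror != 0` test now sits only in the `else` branch; a malformed `cosignprincipal` value would reach `krb5_verify_init_creds()` with whatever `sprinc` holds (its initialisation is not visible in this hunk). That call is what checks the obtained credentials against the keytab, so a bad principal should end the login with the existing "Server Principal Error" page: assign `kerror` in both branches and test it once afterwards. In the verify-failure path the `SL_ERROR` assignment is commented out, `code` from `krb5_unparse_name()` is ignored so `name` may be passed to `syslog()` uninitialised, and the string is never released; restoring the assignment, logging only on success and freeing with `krb5_free_unparsed_name()` addresses all three. The body of cosign_login_krb5 starts and ends outside the hunk.

```c
    if ( cosign_princ != NULL ) {
	kerror = krb5_parse_name( kcontext, cosign_princ, &sprinc );
    } else {
	kerror = krb5_sname_to_principal( kcontext, NULL, "cosign",
		KRB5_NT_SRV_HST, &sprinc );
    }
    if ( kerror != 0 ) {
	/* ... unchanged: "Server Principal Error" template and exit ... */
    }

    if (( kerror = krb5_verify_init_creds(
	    kcontext, &kcreds, sprinc, keytab, NULL, kvic_opts )) != 0 ) {
	char *name = NULL;

	sl[ SL_ERROR ].sl_data = (char *)error_message( kerror );
	if ( krb5_unparse_name( kcontext, sprinc, &name ) == 0 ) {
	    syslog( LOG_INFO, "princ is: %s\n", name );
	    krb5_free_unparsed_name( kcontext, name );
	}
	/* ... unchanged: "Ticket Verify Error" template and cleanup ... */
```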
diff --git a/common/config.h b/common/config.h
index 37629bf..d5ffd64 100644
--- a/common/config.h
+++ b/common/config.h
@@ -67,6 +67,7 @@ struct matchlist {
#define COSIGNTMPLDIRKEY "cosigntmpldir"
#define COSIGNHOSTKEY "cosignhost"
#define COSIGNKEYTABKEY "cosignkeytab"
+#define COSIGNPRINCIPALKEY "cosignprincipal"
#define COSIGNLOGOUTURLKEY "cosignlogouturl"
#define COSIGNTIMEOUTKEY "cosignnettimeout"
#define COSIGNPORTKEY "cosignport"