Hi,
This patch changes the behaviour of the "rlm_krb5" module (v1.0pre3) to
be more consistent with other freeRADIUS modules, it returns a
"Module-Failure-Message" instead of logging a separate message to the
log file when authenicating a user with an incorrect password.
Regards
Allister Maguire
--- rlm_krb5.c.orig Fri Feb 27 08:04:33 2004
+++ rlm_krb5.c Tue Jun 8 16:05:57 2004
@@ -224,6 +224,9 @@
krb5_context context = *((rlm_krb5_t *)instance)->context; /*
copy data */
const char *user, *pass;
+ VALUE_PAIR *module_fmsg_vp;
+ char module_fmsg[MAX_STRING_LEN];
+
/*
* We can only authenticate user requests which HAVE
* a User-Name attribute.
@@ -304,8 +307,11 @@
if ( (r = krb5_get_in_tkt_with_password(context,
0, NULL, NULL, NULL, pass, ccache, &kcreds, 0)) ) {
- radlog(L_AUTH, "rlm_krb5: [%s] krb5_g_i_t_w_p failed:
%s",
+ DEBUG("rlm_krb5: [%s] krb5_g_i_t_w_p failed: %s",
user, error_message(r));
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_krb5: %s",
error_message(r));
+ module_fmsg_vp = pairmake("Module-Failure-Message",
module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
krb5_free_cred_contents(context, &kcreds);
krb5_cc_destroy(context, ccache);
return RLM_MODULE_REJECT;
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
