Here is a diff of the authenticating xlock and the original xlock. Very few
lines of code were added as you can see. We are using this successfully here.
When the user unlocks their screen, xlock does an AFS authentication, and then
renews their token.
diff xlock.c xlock.c.orig
129,136d128
< #ifdef AFS_KERBEROS_ENV
< #include <afs/param.h>
< #include <sys/param.h>
< #include <afs/kautils.h>
<
< extern int ka_UserAuthenticateGeneral();
< #endif
<
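Review bot: `extern int ka_UserAuthenticateGeneral();` is an old-style declaration with no parameter list, so the nine-argument call later in the file gets no type checking or conversion, and its bare `0` arguments are passed as plain `int`. If `<afs/kautils.h>` already declares the function, drop the extern; otherwise give it a full prototype that matches the installed AFS headers, so a mismatch in the lifetime or spare arguments is caught at compile time. Nothing in the diff shows where AFS_KERBEROS_ENV is set, so a short comment on the `#ifdef` saying that the build must define it, and which AFS libraries to link, would also help.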
423d414
< char *reason;
481,501c472,476
< #ifdef AFS_KERBEROS_ENV
< done = ( ka_UserAuthenticateGeneral(
< KA_USERAUTH_VERSION,
< pw->pw_name, /* user name */
< (char *) 0, /* instance */
< (char *) 0, /* realm */
< buffer, /* typed passwd */
< 0, /* default lifetime */
< 0, /* spare 1 */
< 0, /* spare 2 */
< &reason /* error string */
< ) == 0 );
< #endif
< /*
< * we don't allow for root to have no password, but we handle the case
< * where the user has no password correctly; they have to hit return
< * only
< */
< if ( !done ) {
< done = !((strcmp(crypt(buffer, userpass), userpass))
< && (!allowroot || strcmp(crypt(buffer, rootpass), rootpass)));
---
> /*
> * we don't allow for root to have no password, but we handle the case
> * where the user has no password correctly; they have to hit return
> * only
> */
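Review bot: The AFS call at xlock.c lines 481-493 runs on every submitted buffer, including the empty string a stray Return produces, and the `reason` string it fills in is never read anywhere in this diff. Each empty or mistyped entry therefore becomes a failed authentication against the cell, which may count toward a failed-attempt lockout if the cell enforces one, and nothing is recorded locally to show why an unlock was refused. Guard the call with `if (*buffer != '\0')` and log the cause on failure, e.g. `syslog(LOG_AUTH | LOG_NOTICE, "xlock: AFS auth failed for %s: %s", pw->pw_name, reason);`. The enclosing loop starts and ends outside the hunk, so the initial value of `done` that `if ( !done )` relies on when AFS_KERBEROS_ENV is undefined should be confirmed there.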
503,513c478,490
< if (!done && *buffer == NULL) {
< /* just hit return, and it wasn't his password */
< break;
< }
< if (*userpass == NULL && *buffer != NULL) {
< /*
< * the user has no password, but something was typed anyway.
< * sounds fishy: don't let him in...
< */
< done = False;
< }
---
> done = !((strcmp(crypt(buffer, userpass), userpass))
> && (!allowroot || strcmp(crypt(buffer, rootpass), rootpass)));
>
> if (!done && *buffer == NULL) {
> /* just hit return, and it wasn't his password */
> break;
> }
> if (*userpass == NULL && *buffer != NULL) {
> /*
> * the user has no password, but something was typed anyway.
> * sounds fishy: don't let him in...
> */
> done = False;
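Review bot: The tests on the typed buffer compare a `char` with `NULL` (`*buffer == NULL`, `*userpass == NULL`, `*buffer != NULL`), which only compiles cleanly where `NULL` is a plain `0`; where it is defined as `((void *)0)` this is a pointer-to-integer comparison. Write them as `*buffer == '\0'` and `*userpass == '\0' && *buffer != '\0'`. The lines are otherwise the same as on the original side, so they appear to have been re-indented into the `if ( !done ) {` block opened in the previous hunk. The mail has lost the indentation, so that nesting cannot be confirmed from here.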
-------------------------------------------------------------------------------
Neal Mackanic | Distributed Computing Group
LLNL | Lawrence Livermore National Laboratory
NERSC | National Energy Research Supercomputer Center
P.O. Box 5509 L-561 | E-mail (internet) [EMAIL PROTECTED]
Livermore, CA. 94551 | Phone (510) 423-2396, FAX (510) 422-0435
-------------------------------------------------------------------------------