[LON-CAPA-cvs] cvs: loncom /debugging_tools testkerberos.pl

raeburn raeburn@source.lon-capa.org
Mon, 12 Apr 2010 20:07:45 -0000


raeburn		Mon Apr 12 20:07:45 2010 EDT

  Modified files:              
    /loncom/debugging_tools	testkerberos.pl 
  Log:
  - bug 6170
    - Kerberos 4 libraries are not included with revision 1.7 of krb5 package.
      Hence, perl-Authen-Krb4 is unavailable for distros using 1.7 (or later)
    - authentication checking for krb4 or krb5 auth types moved to subroutines.
      krb5 check used if Authen::Krb4 unavailable and version = 4 specified.
      User is notified.  
  
  
Index: loncom/debugging_tools/testkerberos.pl
diff -u loncom/debugging_tools/testkerberos.pl:1.1 loncom/debugging_tools/testkerberos.pl:1.2
--- loncom/debugging_tools/testkerberos.pl:1.1	Mon Feb 11 17:21:34 2008
+++ loncom/debugging_tools/testkerberos.pl	Mon Apr 12 20:07:45 2010
@@ -3,7 +3,7 @@
 #
 # testkerberos.pl - Checks if Kerberos authentication is functional in the domain
 #
-# $Id: testkerberos.pl,v 1.1 2008/02/11 17:21:34 raeburn Exp $
+# $Id: testkerberos.pl,v 1.2 2010/04/12 20:07:45 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -30,7 +30,6 @@
 #################################################
 use strict;
 use Authen::Krb5;
-use Authen::Krb4;
 
 print STDOUT "Enter your LON-CAPA domain, (e.g., msu): ";
 my $domain = <STDIN>;
@@ -99,38 +98,10 @@
         if ($version != 4 && $version != 5) {
             $response = "Kerberos check failed - unexpected kerberos version - $version (this should be 4 or 5)";
         } else {
-            my $krbreturn;
             if ($version == 5) {
-                &Authen::Krb5::init_context();
-                my $krbclient = &Authen::Krb5::parse_name($username.'@'.$realm);
-                my $krbservice = "krbtgt/".$realm."\@".$realm;
-                my $krbserver  = &Authen::Krb5::parse_name($krbservice);
-                my $credentials= &Authen::Krb5::cc_default();
-                $credentials->initialize(&Authen::Krb5::parse_name($username.'@'.$realm));
-                if (exists(&Authen::Krb5::get_init_creds_password)) {
-                    $krbreturn = &Authen::Krb5::get_init_creds_password(&Authen::Krb5::parse_name($username.'@'.$realm),$password,$krbservice);
-                    if (ref($krbreturn) eq 'Authen::Krb5::Creds') {
-                        $response = "Kerberos check passed. Kerberos $version. User: $username - response from Authen::Krb5 was Creds object\n";
-                    } else {
-                        $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
-                    }
-                } else {
-                    $krbreturn  = &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
-                                                                          $password,$credentials);
-                    if ($krbreturn == 1) {
-                        $response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn";
-                    } else {
-                        $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
-                    }
-                }
+                $response = &check_krb5($username,$realm,$password);
             } elsif ($version == 4) {
-                $krbreturn = 
-                     &Authen::Krb4::get_pw_in_tkt($username,'',$realm,'krbtgt',$realm,1,$password);
-                if ($krbreturn == 0) { 
-                    $response = "Kerberos check passed. Kerberos $version. User: $username - response was $krbreturn";
-                } else {
-                    $response = "Kerberos check failed. Kerberos $version. User: $username - response was $krbreturn";
-                }
+                $response = &check_krb4($username,$realm,$password);
             }
         }
     } else {
@@ -139,3 +110,55 @@
 }
 print STDOUT "$response\n";
 
+sub check_krb4 {
+    my ($username,$realm,$password) = @_;
+    my ($krbreturn,$response);
+    eval {
+        require Authen::Krb4;
+    };
+    if (!$@) {
+        $krbreturn = &Authen::Krb4::get_pw_in_tkt($username,'',$realm,'krbtgt',$realm,1,$password);
+        if ($krbreturn == 0) {
+            $response = "Kerberos check passed. Kerberos 4. User: $username - response was $krbreturn";
+        } else {
+            $response = "Kerberos check failed. Kerberos 4. User: $username - response was $krbreturn";
+        }
+    } else {
+        $response = 'Kerberos check failed. Kerberos '.$version.
+                    ' requires "perl-Authen-Krb4" which does not appear to be installed.'."\n".
+                    'This may be because you are using revision 1.7 or later of the krb5 package,'.
+                    ' which no longer supports Kerberos 4.'."\n".'Checking with Kerberos 5 instead:'."\n".
+                    &check_krb5($username,$realm,$password);
+    }
+    return $response;
+}
+
+sub check_krb5 {
+    my ($username,$realm,$password) = @_;
+    &Authen::Krb5::init_context();
+    my $krbclient = &Authen::Krb5::parse_name($username.'@'.$realm);
+    my $krbservice = "krbtgt/".$realm."\@".$realm;
+    my $krbserver  = &Authen::Krb5::parse_name($krbservice);
+    my $credentials= &Authen::Krb5::cc_default();
+    $credentials->initialize(&Authen::Krb5::parse_name($username.'@'.$realm));
+    my ($krbreturn,$response);
+    if (exists(&Authen::Krb5::get_init_creds_password)) {
+        $krbreturn = &Authen::Krb5::get_init_creds_password(&Authen::Krb5::parse_name($username.'@'.$realm),
+                                                                                      $password,$krbservice);
+        if (ref($krbreturn) eq 'Authen::Krb5::Creds') {
+            $response = "Kerberos check passed. Kerberos 5. User: $username - response from Authen::Krb 5 was Creds object\n";
+        } else {
+            $response = "Kerberos check failed. Kerberos 5. User: $username - response was $krbreturn";
+        }
+    } else {
+        $krbreturn  = &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
+                                                              $password,$credentials);
+        if ($krbreturn == 1) {
+            $response = "Kerberos check passed. Kerberos 5. User: $username - response was $krbreturn";
+        } else {
+            $response = "Kerberos check failed. Kerberos 5. User: $username - response was $krbreturn";
+        }
+    }
+    return $response;
+}
+
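Review bot: The fallback message in the else branch of `check_krb4` interpolates `$version`, which is not among the sub's parameters, so under `use strict` it compiles only if a file-scoped `my $version` is declared above the sub; that declaration is not visible in this hunk. The other messages in both subs hard-code the version, so the same form is safer here: `$response = 'Kerberos check failed. Kerberos 4'.`. In `check_krb5` the success string now reads `Authen::Krb 5 was Creds object`; the stray space should go, giving `Authen::Krb5` as in the removed inline code. The failure branches print only `$krbreturn`, which is presumably undefined when `get_init_creds_password` fails, so appending `Authen::Krb5::error()` would let the operator tell a wrong password from an unreachable KDC or clock skew. `check_krb5` also calls `cc_default()` and `initialize()` before it picks a branch, which resets the invoking user's default credential cache even on the `get_init_creds_password` path where `$credentials` is never used; moving those lines into the `get_in_tkt_with_password` branch would avoid that side effect.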