From bear@coyotesong.com Tue Jan 11 03:52:27 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
	by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id DAA09379
	for ; Tue, 11 Jan 2000 03:52:26 -0500 (EST)
Received: from bgiles.dimensional.com by MIT.EDU with SMTP
	id AA16863; Tue, 11 Jan 00 03:52:00 EST
Received: (from bear@localhost)
	by eris.coyotesong.com (8.9.3/8.9.3/Debian/GNU) id BAA20689;
	Tue, 11 Jan 2000 01:52:57 -0700
Message-Id: <200001110852.BAA20689@eris.coyotesong.com>
Date: Tue, 11 Jan 2000 01:52:57 -0700
From: bgiles@coyotesong.com
Reply-To: bgiles@coyotesong.com
To: krb5-bugs@MIT.EDU
Cc:
Subject: PAM-enhanced login.krb5
X-Send-Pr-Version: 3.99

>Number: 811
>Category: krb5-appl
>Synopsis: PAM enhancements to appl/bsd/login.c
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 11 03:53:01 EST 2000
>Last-Modified:
>Originator: Bear Giles
>Organization: Bear Giles bgiles@coyotesong.com
>Release: krb5-1.1.1
>Environment:
Debian 2.1r5
System: Linux eris 2.2.13 #7 SMP Sat Oct 30 20:57:16 MDT 1999 i686 unknown
Architecture: i686
>Description:
The current appl/bsd/login.c program does not support PAM.
>How-To-Repeat:
>Fix:
The attached patch file provides a minimum level of PAM support to appl/bsd/login.c.

I have verified that I can specify S/Key authentication in my configuration file (application "login.krb5") and get an S/Key one-time-password prompt when invoking login.krb5 directly.

For various reasons the patched program prompts the user for the Kerberos password separately from all PAM passwords. This is probably a good thing - it allows the user to have a different local and Kerberos password, if desired. (For the same reason it might make sense to add an option to prompt for a different principal name, or perhaps one that is formed in a canonical way from the GECOS field. E.g.
local user jdoe, GECOS field John Doe,,,,, is converted to Kerberos principal John.Doe by the obvious transformation.)

I have not verified the behavior of this program when it is called by one of the Kerberized daemons.

>Audit-Trail:
>Unformatted:
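The GECOS-to-principal mapping suggested in the report ("John Doe,,,,," becomes John.Doe), written out as an added C example; it is not code from the submitted patch or from krb5. The helper name gecos_to_principal and the choice to reject '/', '@' and '\' are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not a krb5 API): derive a principal name from the
 * full-name subfield of a GECOS entry, "John Doe,,,,," -> "John.Doe".
 * Returns 0 on success; -1 (and an empty string) if the name is empty,
 * does not fit, or holds a character that is unsafe in a principal. */
int gecos_to_principal(const char *gecos, char *out, size_t outlen)
{
    size_t n = 0;
    int pending_dot = 0;            /* whitespace seen since the last word */
    const char *p;

    if (gecos == NULL || out == NULL || outlen == 0)
        return -1;

    /* The full name is everything before the first comma. */
    for (p = gecos; *p != '\0' && *p != ','; p++) {
        unsigned char c = (unsigned char)*p;

        if (isspace(c)) {
            if (n > 0)
                pending_dot = 1;    /* collapse runs, drop leading blanks */
            continue;
        }
        /* '/' separates principal components, '@' introduces the realm and
         * '\\' is the quoting character: refuse them, and anything outside
         * printable ASCII, instead of silently naming another identity. */
        if (c == '/' || c == '@' || c == '\\' || c > 0x7e || !isprint(c))
            goto fail;
        /* Room for an optional '.', this character and the final NUL. */
        if (n + (size_t)pending_dot + 1 >= outlen)
            goto fail;
        if (pending_dot) {
            out[n++] = '.';
            pending_dot = 0;
        }
        out[n++] = (char)c;
    }
    if (n == 0)
        goto fail;
    out[n] = '\0';
    return 0;

fail:
    out[0] = '\0';
    return -1;
}
```

On failure the caller would fall back to the local user name rather than use a partial result.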