Disallow Kerberos when S/Key is required. Fixes PR #339.

Submitted by: Paul Traina <pst@Shockwave.com>
svn path=/head/; revision=7800
2025-01-14 14:55:41 +00:00 · 1995-04-13 15:20:35 +00:00 · 1995-04-13 15:20:35 +00:00 · ed8be72c29 · 2020-12-20 02:59:44 +00:00
commit ed8be72c29
parent ae60406da6
1 changed files with 11 additions and 0 deletions
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@ -274,6 +274,17 @@ main(argc, argv)

 		if (pwd) {
 #ifdef KERBEROS
+#ifdef SKEY
+			/*
+			 * Do not allow user to type in kerberos password
+			 * over the net (actually, this is ok for encrypted
+			 * links, but we have no way of determining if the
+			 * link is encrypted.
+			 */
+			if (!permit_password) {
+				rval = 1;		/* failed */
+			} else
+#endif
 			rval = klogin(pwd, instance, localhost, p);
 			if (rval != 0 && rootlogin && pwd->pw_uid != 0)
 				rootlogin = 0;