*** radiusd-cistron-1.6.4/src/Make.inc Mon Aug 21 12:13:27 2000 --- radiusd-cistron-1.6.4-krb5/src/Make.inc Mon Feb 5 11:20:00 2001 *************** *** 8,20 **** SERVER_OBJS = radiusd.o dict.o files.o util.o md5.o attrprint.o \ acct.o radius.o pam.o log.o version.o proxy.o \ ! exec.o auth.o timestr.o cache.o SERVERDBM_OBJS = radiusddbm.o dict.o filesdbm.o util.o md5.o attrprint.o \ acct.o radius.o pam.o log.o versiondbm.o proxy.o \ ! exec.o auth.o timestr.o cache.o SERVER_SRCS = radiusd.c dict.c files.c util.c md5.c attrprint.c acct.c \ radius.c pam.c log.c version.c proxy.c \ ! exec.c auth.c timestr.c cache.c INCLUDES = radius.h conf.h all: radiusd radwho radzap raduse radtest --- 8,20 ---- SERVER_OBJS = radiusd.o dict.o files.o util.o md5.o attrprint.o \ acct.o radius.o pam.o log.o version.o proxy.o \ ! exec.o auth.o timestr.o cache.o krb5.o SERVERDBM_OBJS = radiusddbm.o dict.o filesdbm.o util.o md5.o attrprint.o \ acct.o radius.o pam.o log.o versiondbm.o proxy.o \ ! exec.o auth.o timestr.o cache.o krb5.o SERVER_SRCS = radiusd.c dict.c files.c util.c md5.c attrprint.c acct.c \ radius.c pam.c log.c version.c proxy.c \ ! exec.c auth.c timestr.c cache.c krb5.c INCLUDES = radius.h conf.h all: radiusd radwho radzap raduse radtest *** radiusd-cistron-1.6.4/src/Makefile.BSD Sat Sep 18 22:10:41 1999 --- radiusd-cistron-1.6.4-krb5/src/Makefile.BSD Mon Feb 5 11:18:15 2001 *************** *** 4,12 **** # CC = gcc ! CFLAGS = -Wall -g -DNOSHADOW ! LDFLAGS = # -s #tatic ! LIBS = LCRYPT = -lcrypt DBM = -DNDBM --- 4,12 ---- # CC = gcc ! CFLAGS = -Wall -g -DNOSHADOW -I/usr/local/kerberos5/include ! LDFLAGS = -L /usr/local/kerberos5/lib # -s #tatic ! 
LIBS = -lkrb5 -lk5crypto -lcom_err LCRYPT = -lcrypt DBM = -DNDBM *** radiusd-cistron-1.6.4/src/auth.c Wed Aug 30 13:35:48 2000 --- radiusd-cistron-1.6.4-krb5/src/auth.c Mon Feb 5 11:15:37 2001 *************** *** 340,345 **** --- 340,347 ---- auth_type = PW_AUTHTYPE_SYSTEM; else if(password_pair && !strcmp(password_pair->strvalue,"PAM")) auth_type = PW_AUTHTYPE_PAM; + else if(password_pair && !strcmp(password_pair->strvalue,"Kerberos")) + auth_type = PW_AUTHTYPE_KERBEROS; else auth_type = PW_AUTHTYPE_LOCAL; } *************** *** 461,466 **** --- 463,473 ---- result = -1; } else strcpy(userpass, password_pair->strvalue); + break; + case PW_AUTHTYPE_KERBEROS: + DEBUG2(" auth: Kerberos"); + if(krb5_authenticate(name, string) != 0) + result = -1; break; default: result = -1; *** radiusd-cistron-1.6.4/src/radius.h Wed Aug 16 14:18:51 2000 --- radiusd-cistron-1.6.4-krb5/src/radius.h Mon Feb 5 11:17:02 2001 *************** *** 177,182 **** --- 177,183 ---- #define PW_AUTHTYPE_SECURID 2 #define PW_AUTHTYPE_CRYPT 3 #define PW_AUTHTYPE_REJECT 4 + #define PW_AUTHTYPE_KERBEROS 252 #define PW_AUTHTYPE_PAM 253 #define PW_AUTHTYPE_ACCEPT 254 *** radiusd-cistron-1.6.4/src/krb5.c Mon Feb 5 12:24:09 2001 --- radiusd-cistron-1.6.4-krb5/src/krb5.c Mon Feb 5 12:07:53 2001 *************** *** 0 **** --- 1,66 ---- + /* krb5.c Functions for Kerberos5 authentication + * Pretty simple, mostly modeled after rlm_krb5.c from FreeRADIUS + * + * Copyright 2001 Paul Khavkine + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 Nathan Neulinger + * Copyright 2000 Alan DeKok + */ + + #include + #include + #include + + #include + #include + #include "radiusd.h" + + int krb5_authenticate(char *user, char *pass) + { + + krb5_context context; /* context */ + int r = 0; + krb5_data tgtname = { + 0, + KRB5_TGS_NAME_SIZE, + KRB5_TGS_NAME + }; /* ????? 
*/
+
+ krb5_creds kcreds; /* credentials */
+
+
+ context = malloc(sizeof(context));
+ if(!context)
+ return(-1);
+
+
+ krb5_init_context(&context);
+ memset((char *)&kcreds, 0, sizeof(kcreds));
+ r = krb5_parse_name(context, user,&kcreds.client);
+ if(r)
+ {
+ log(L_AUTH, "Error: %s\n", error_message(r));
+ return(-1);
+ }
+ r = krb5_build_principal_ext(context, &kcreds.server,
+ krb5_princ_realm(context, kcreds.client)->length,
+ krb5_princ_realm(context, kcreds.client)->data,
+ tgtname.length,
+ tgtname.data,
+ krb5_princ_realm(context, kcreds.client)->length,
+ krb5_princ_realm(context, kcreds.client)->data,
+ 0);
+ if(r)
+ {
+ log(L_AUTH, "Error: %s\n", error_message(r));
+ return(-1);
+ }
+ r = krb5_get_in_tkt_with_password(context, 0, NULL, NULL, NULL,
+ pass, 0, &kcreds, 0);
+ if(r)
+ {
+ log(L_AUTH, "Error: %s\n", error_message(r));
+ return(-1);
+ }
+ return(0);
+ }
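Review bot: krb5_authenticate() in the new krb5.c returns 0 as soon as `krb5_get_in_tkt_with_password()` succeeds, but nothing validates the returned ticket against a key the RADIUS server itself holds, so the accept decision is only as trustworthy as whichever host answered as the KDC. The credentials should be verified against a local service keytab before success is reported; in MIT Kerberos that is `krb5_verify_init_creds()`, with the "no fail" option set so a missing keytab is not treated as success (confirm the installed library provides it). The `malloc(sizeof(context))` result is overwritten by `krb5_init_context(&context)`, whose return value is never checked, and no path calls `krb5_free_cred_contents()` or `krb5_free_context()`, so each attempt leaks the context and leaves ticket and session-key material allocated. `krb5_parse_name()` also honours an `@REALM` suffix in `user`, so unless the caller in auth.c strips it (not visible in these hunks), the client picks the realm that is consulted. No hunk adds a prototype for krb5_authenticate, so the call in auth.c appears to rely on an implicit declaration; the rewrite below keeps the signature and log format and adds the check and the cleanup.

```c
int krb5_authenticate(char *user, char *pass)
{
    krb5_context context = NULL;   /* allocated by krb5_init_context() */
    krb5_creds kcreds;             /* credentials */
    krb5_verify_init_creds_opt vopt;
    int r;
    int rc = -1;
    /* ... unchanged: tgtname initialiser ... */

    memset(&kcreds, 0, sizeof(kcreds));
    r = krb5_init_context(&context);
    if (r) {
        log(L_AUTH, "Error: %s\n", error_message(r));
        return(-1);
    }
    r = krb5_parse_name(context, user, &kcreds.client);
    if (r)
        goto done;
    /* ... unchanged: krb5_build_principal_ext() call, followed by `if (r) goto done;` ... */
    r = krb5_get_in_tkt_with_password(context, 0, NULL, NULL, NULL,
            pass, 0, &kcreds, 0);
    if (r)
        goto done;

    /* Prove the TGT came from the real KDC by checking it against a
     * key in the local default keytab; fail closed if none is usable. */
    krb5_verify_init_creds_opt_init(&vopt);
    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
    r = krb5_verify_init_creds(context, &kcreds, NULL, NULL, NULL, &vopt);
    if (r)
        goto done;
    rc = 0;
done:
    if (r)
        log(L_AUTH, "Error: %s\n", error_message(r));
    krb5_free_cred_contents(context, &kcreds);
    krb5_free_context(context);
    return(rc);
}
```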