Auth-Krb5Afs


Krb5Afs.pm

    return $s;
}

sub authenticate {
    my($self) = shift;
    my($user, $pass, $service) = @_;
    my($s, $err, $pid);
    my(%pwent);

    TRY: {
	unless( @pwent{qw(name passwd uid gid
			  quota comment gcos home 
			  shell expire)} = getpwnam($user) ) {
	    $err->{user} = "no such user: $user";
	    last;
	}

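	# This pipe open hands the command string to /bin/sh, so the user name
	# is shell-escaped; the password is written to kinit's stdin.
	$pid = open(W, "|kinit -r 10h -l 20m " . shell_esc($user) . " >/dev/null 2>&1");
	unless( $pid ) {
	    # without this check a failed fork would leave a stale $? below
	    $err->{pass} = "cannot run kinit: $!";
	    last;
	}
	print(W "$pass\n");
	close(W);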
	if( $? ) {

Krb5Afs.pm

	    $err->{pass} = "aklog failed: $s";	
	}

	# set the environment (remember to set the uid last)
	$ENV{USER} = $pwent{name};
	$ENV{HOME} = $pwent{home};
	$ENV{SHELL} = $pwent{shell};
	
	if( $> == 0 ) {
	    if( -f $ENV{KRB5CCNAME} ) {
		chown($pwent{uid}, $pwent{gid}, $ENV{KRB5CCNAME}) or die("chown $ENV{KRB5CCNAME}: $!");
	    }
	    $( = $) = $pwent{gid};
	    my $id = `id -G '$pwent{name}'`;
	    $( = $pwent{gid};
	    $) = "$pwent{gid} $id";
	    $< = $> = $pwent{uid};
	}

	# done ok
	$err = undef;
    }
    return wantarray ? ($err, \%pwent) : $err;
}

1;
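
The authenticate() excerpt above pipes the password to kinit through a shell command string. The sketch below is an added example, not code from Auth::Krb5Afs: it runs the same kinit flags with a forking open and a list-form exec so no shell parses the user name. The helper name run_kinit, the @KINIT variable, the user-name pattern and the error strings are assumptions.

```perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper, not part of Auth::Krb5Afs. The command and its
# flags are the ones in the excerpt above; override @KINIT for testing.
our @KINIT = ('kinit', '-r', '10h', '-l', '20m');

# Returns undef on success or an error string on failure.
sub run_kinit {
    my ($user, $pass) = @_;

    # Assumed site policy for user names. Rejecting a leading "-"
    # keeps the name from being parsed as a kinit option.
    return "invalid user name"
        unless defined $user && $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

    # kinit may exit before reading stdin; do not die on SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';

    # Fork; the child's STDIN reads what the parent writes to $w.
    my $pid = open(my $w, '|-');
    return "cannot fork: $!" unless defined $pid;

    if ($pid == 0) {
        # Child: discard output, then exec kinit directly (no /bin/sh).
        open(STDOUT, '>', '/dev/null') or POSIX::_exit(126);
        open(STDERR, '>&', \*STDOUT)   or POSIX::_exit(126);
        exec { $KINIT[0] } @KINIT, $user or POSIX::_exit(127);
    }

    print {$w} "$pass\n";
    close($w);    # waits for the child and sets $?
    return $? ? "kinit failed (wait status $?)" : undef;
}
```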

Krb5Afs.pm

Create a new instance.  You could also use
Auth::Krb5Afs->authenticate() without an instance variable.

=item ($err, $pwent) = $auth->authenticate($user, $pass);

Invokes "kinit" and "aklog" to get krb5 and afs tokens.  By
default, the krb5 ticket is good for 20 minutes, renewable up to
10 hours.

If successful, sets the USER, HOME, and SHELL environment variables,
the current uid and gid, and chdirs to HOME.

In an array context, returns an array ref to the result from getpwuid($afs_uid).

In a scalar context, returns error strings in a hash like 
$err->{pass} = "unknown user or wrong password";

=back

=head1 TESTING

README

METHODS
    $auth = Auth::Krb5Afs->new();
        Create a new instance. You could also use
        Auth::Krb5Afs->authenticate() without an instance variable.

    ($err, $pwent) = $auth->authenticate($user, $pass);
        Invokes "kinit" and "aklog" to get krb5 and afs tokens. By default,
        the krb5 ticket is good for 20 minutes, renewable up to 10 hours.

        If successful, sets the USER, HOME, and SHELL environment variables,
        the current uid and gid, and chdirs to HOME.

        In an array context, returns an array ref to the result from
        getpwuid($afs_uid).

        In a scalar context, returns error strings in a hash like
        $err->{pass} = "unknown user or wrong password";

TESTING
    The bin/authkrb5afs program behaves like one of courier's authlib
    modules. It reads password etc from file descriptor 3, then invokes the


