authornectar <nectar@FreeBSD.org>2000-11-07 03:01:43 +0800
committernectar <nectar@FreeBSD.org>2000-11-07 03:01:43 +0800
commit026f262f0c7f9f974c881f00ed9ff2d182b32984 (patch)
tree23bf452bc0e4e861e846fd9ba9a149f3598c4f13 /security
parentc1232c176628ce34f5b4142c22f648b0fb9597db (diff)
A Pluggable Authentication Module for Kerberos 5.
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/pam_krb5/Makefile53
-rw-r--r--security/pam_krb5/distinfo1
-rw-r--r--security/pam_krb5/files/patch-aa89
-rw-r--r--security/pam_krb5/files/patch-ab10
-rw-r--r--security/pam_krb5/files/patch-ac40
-rw-r--r--security/pam_krb5/files/patch-ad286
-rw-r--r--security/pam_krb5/files/patch-ae140
-rw-r--r--security/pam_krb5/files/patch-af176
-rw-r--r--security/pam_krb5/files/patch-ag52
-rw-r--r--security/pam_krb5/files/patch-ah24
-rw-r--r--security/pam_krb5/files/patch-ai24
-rw-r--r--security/pam_krb5/pkg-comment1
-rw-r--r--security/pam_krb5/pkg-descr4
-rw-r--r--security/pam_krb5/pkg-plist1
15 files changed, 902 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 355bff570b47..ee354546913a 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -80,6 +80,7 @@
SUBDIR += p5-PGP-Sign
SUBDIR += pad
SUBDIR += pam-mysql
+ SUBDIR += pam_krb5
SUBDIR += pgp
SUBDIR += pgp5
SUBDIR += pgp6
diff --git a/security/pam_krb5/Makefile b/security/pam_krb5/Makefile
new file mode 100644
index 000000000000..98bf93a7e9c8
--- /dev/null
+++ b/security/pam_krb5/Makefile
@@ -0,0 +1,53 @@
+# Ports collection Makefile for: pam_krb5
+# Date created: 11/03/2000
+# Whom: nectar@FreeBSD.org
+#
+# $FreeBSD$
+#
+
+PORTNAME= pam_krb5
+PORTVERSION= 1.0
+CATEGORIES= security
+MASTER_SITES= http://www.fcusack.com/soft/
+
+MAINTAINER= nectar@FreeBSD.org
+
+WRKSRC= ${WRKDIR}/pam_krb5
+PREFIX?= ${DESTDIR}/usr
+MANPREFIX?= ${DESTDIR}/usr/share
+MAKE_ENV= PREFIX="${PREFIX}" MANPREFIX="${MANPREFIX}" \
+ KRB5BASE="${KRB5BASE}" KRB5_IMPL="${KRB5_IMPL}"
+
+MAN8= pam_krb5.8
+
+# Try hard to figure out which Kerberos implementation we should use to
+# build this thing. There are three possibilities:
+# Heimdal in the base system -- XXX disabled for now (missing libraries)
+# Heimdal from ports
+# MIT Kerberos from ports
+.if defined(KRB5BASE) && defined(KRB5_IMPL)
+# the user thinks he knows what he is doing, so let it be
+.elif exists(/usr/include/heim_err.h) && defined(REALLY_WANT_BASE) && (${REALLY_WANT_BASE} == "yes")
+KRB5BASE=/usr
+KRB5_IMPL="heimdal"
+.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/include/heim_err.h)
+KRB5BASE=${HEIMDAL_HOME}
+KRB5_IMPL=heimdal
+LIB_DEPENDS+= krb5.13:${PORTSDIR}/security/heimdal
+.elif exists(${LOCALBASE}/include/heim_err.h)
+KRB5BASE=${LOCALBASE}
+KRB5_IMPL=heimdal
+LIB_DEPENDS+= krb5.13:${PORTSDIR}/security/heimdal
+.elif defined(KRB5_HOME) && exists(${KRB5_HOME}/include/mit-sipb-copyright.h)
+KRB5BASE=${KRB5_HOME}
+KRB5_IMPL=mit
+LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
+.elif exists(${LOCALBASE}/include/mit-sipb-copyright.h)
+KRB5BASE=${LOCALBASE}
+KRB5_IMPL=mit
+LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
+.else
+.error "No version of Kerberos is installed."
+.endif
+
+.include <bsd.port.mk>
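Review bot: The first branch of the detection chain, `.if defined(KRB5BASE) && defined(KRB5_IMPL)`, accepts any value of KRB5_IMPL and adds no LIB_DEPENDS. patch-aa derives `LIBS_${KRB5_IMPL}` and `compat_${KRB5_IMPL}.c` from that value, so a typo only surfaces later as an empty library list and a missing source file. A check inside that branch such as `.if ${KRB5_IMPL} != "heimdal" && ${KRB5_IMPL} != "mit"` followed by `.error` would fail early with a clear message. The base-system branch also assigns `KRB5_IMPL="heimdal"` with literal quotes while every other branch leaves the value unquoted; `KRB5_IMPL=heimdal` would keep them consistent.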
diff --git a/security/pam_krb5/distinfo b/security/pam_krb5/distinfo
new file mode 100644
index 000000000000..54736530a4ab
--- /dev/null
+++ b/security/pam_krb5/distinfo
@@ -0,0 +1 @@
+MD5 (pam_krb5-1.0.tar.gz) = dd4ca3cc1b6b6b124625544e870968cb
diff --git a/security/pam_krb5/files/patch-aa b/security/pam_krb5/files/patch-aa
new file mode 100644
index 000000000000..879bc993df0b
--- /dev/null
+++ b/security/pam_krb5/files/patch-aa
@@ -0,0 +1,89 @@
+--- Makefile.orig Tue Jan 4 19:08:51 2000
++++ Makefile Mon Nov 6 10:59:16 2000
+@@ -1,48 +1,51 @@
+ #
+ # Makefile for pam_krb5
+ #
++CC = cc
++CFLAGS = -O -fPIC -Wall
++LDFLAGS = -shared
+
+-CC = gcc
+-CFLAGS = -O2 -fPIC
+-#LDFLAGS = -shared
+-LDFLAGS = -G
++OSLIBS = -lpam
+
+-DESTDIR = /usr/lib/security
+-MANDIR = /opt/local/man/man5
++# HEIMDAL
++LIBS_heimdal = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libasn1.a \
++ ${KRB5BASE}/lib/libcom_err.a ${KRB5BASE}/lib/libroken.a \
++ ${KRB5BASE}/lib/libgssapi.a ${KRB5BASE}/lib/libdes.a
+
+-OSLIBS = -lpam -lnsl -lsocket
+-KRB5LIBS = -L/opt/local/lib -lkrb5 -lk5crypto -lcom_err
++# MIT
++LIBS_mit = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libcom_err.a \
++ ${KRB5BASE}/lib/libk5crypto.a
+
+-LIBS = $(OSLIBS) $(KRB5LIBS)
++LIBS = $(OSLIBS) ${LIBS_${KRB5_IMPL}}
++COMPAT = compat_${KRB5_IMPL}.c
+
+-INC = -I/opt/local/include
++INC = -I${KRB5BASE}/include
+
+
+ ####################################################################
+ # No changes below this line
+
+ SRCS = pam_krb5_auth.c pam_krb5_pass.c pam_krb5_acct.c pam_krb5_sess.c \
+- support.c
++ support.c ${COMPAT}
+
+ OBJS = pam_krb5_auth.o pam_krb5_pass.o pam_krb5_acct.o pam_krb5_sess.o \
+- support.o
++ support.o ${COMPAT:.c=.o}
+
+-all: pam_krb5.so.1
++all: pam_krb5.so
+
+-pam_krb5.so.1: $(OBJS)
++pam_krb5.so: $(OBJS)
+ $(CC) -o $@ $(LDFLAGS) $(OBJS) $(LIBS)
+
+ install:
+- cp pam_krb5.so.1 $(DESTDIR)
+- chown root:sys $(DESTDIR)/pam_krb5.so.1
+- ln -s ./pam_krb5.so.1 $(DESTDIR)/pam_krb5.so
+- cp pam_krb5.5 $(MANDIR)
+- chown root:sys $(MANDIR)/pam_krb5.5
++ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 0555 pam_krb5.so \
++ ${PREFIX}/lib/pam_krb5.so
++ ${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m 0444 pam_krb5.5 \
++ ${MANPREFIX}/man/man8/pam_krb5.8
+
+ clean:
+- rm -f *.so.1 *.o
++ rm -f *.so *.o
+
+-pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h
++pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h krb5compat.h
+ $(CC) -c $(CFLAGS) $(INC) $<
+
+ pam_krb5_pass.o: pam_krb5_pass.c pam_krb5.h
+@@ -54,6 +57,12 @@
+ pam_krb5_sess.o: pam_krb5_sess.c pam_krb5.h
+ $(CC) -c $(CFLAGS) $(INC) $<
+
+-support.o: support.c pam_krb5.h
++support.o: support.c pam_krb5.h krb5compat.h
++ $(CC) -c $(CFLAGS) $(INC) $<
++
++compat_heimdal.o: compat_heimdal.c krb5compat.h
++ $(CC) -c $(CFLAGS) $(INC) $<
++
++compat_mit.o: compat_mit.c krb5compat.h
+ $(CC) -c $(CFLAGS) $(INC) $<
+
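Review bot: Three object rules here gain `krb5compat.h` as a prerequisite, and patch-ad, patch-af, patch-ah and patch-ai all include it, but none of the 15 files in this commit's diffstat creates that header, so unless the distfile ships it the build stops at the first of those rules. Separately, `LIBS_heimdal` and `LIBS_mit` name the static archives under `${KRB5BASE}/lib`, which copies the Kerberos code into pam_krb5.so; a later fix to the installed libraries then does not reach the module until the port is rebuilt, even though the port Makefile declares LIB_DEPENDS on the shared `krb5.13` / `krb5.3`. If static linking is deliberate, a comment above `# HEIMDAL` saying why would help; otherwise link with `-L${KRB5BASE}/lib -lkrb5 -lcom_err` plus the remaining libraries of each implementation.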
diff --git a/security/pam_krb5/files/patch-ab b/security/pam_krb5/files/patch-ab
new file mode 100644
index 000000000000..8e35ac8f6486
--- /dev/null
+++ b/security/pam_krb5/files/patch-ab
@@ -0,0 +1,10 @@
+--- pam_krb5.h.orig Tue Jan 4 19:08:51 2000
++++ pam_krb5.h Mon Nov 6 10:21:49 2000
+@@ -6,6 +6,6 @@
+
+ int get_user_info(pam_handle_t *, char *, int, char **);
+ krb5_error_code pam_prompter(krb5_context, void *, const char *,
+- const char *, int, krb5_prompt[]);
++ int, krb5_prompt[]);
+ int verify_krb_v5_tgt(krb5_context, krb5_ccache, int);
+ void cleanup_cache(pam_handle_t *, void *, int);
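Review bot: The `name` parameter is removed from the `pam_prompter` prototype unconditionally (and from the definition in patch-af), although the port builds against either Heimdal or MIT Kerberos. The function is passed as the callback to `krb5_get_init_creds_password()`, so its parameter list has to match the prompter type of whichever library is selected. If one of them still passes both `name` and `banner`, as the unpatched upstream signature suggests, the arguments are shifted and `num_prompts` and `prompts` are read from the wrong positions. Choosing the signature per implementation, next to the other compat declarations, would keep both builds correct.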
diff --git a/security/pam_krb5/files/patch-ac b/security/pam_krb5/files/patch-ac
new file mode 100644
index 000000000000..20a5fc0f9ffb
--- /dev/null
+++ b/security/pam_krb5/files/patch-ac
@@ -0,0 +1,40 @@
+--- pam_krb5_acct.c.orig Tue Jan 4 19:08:51 2000
++++ pam_krb5_acct.c Mon Nov 6 10:21:49 2000
+@@ -11,6 +11,7 @@
+ #include <security/pam_appl.h>
+ #include <security/pam_modules.h>
+ #include <krb5.h>
++#include <com_err.h>
+ #include "pam_krb5.h"
+
+ /* A useful logging macro */
+@@ -38,12 +39,12 @@
+ }
+
+ /* Get username */
+- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
++ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
+ return PAM_PERM_DENIED;;
+ }
+
+ /* Get service name */
+- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+ if (!service)
+ service = "unknown";
+
+@@ -55,12 +56,12 @@
+ return PAM_SUCCESS;
+ }
+
+- if (krb5_init_context(&pam_context)) {
++ if ((krbret = krb5_init_context(&pam_context)) != 0) {
+ DLOG("krb5_init_context()", error_message(krbret));
+ return PAM_PERM_DENIED;;
+ }
+
+- if (krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) {
++ if ((krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) != 0) {
+ DLOG("krb5_cc_get_principal()", error_message(krbret));
+ pamret = PAM_PERM_DENIED;;
+ goto cleanup;
diff --git a/security/pam_krb5/files/patch-ad b/security/pam_krb5/files/patch-ad
new file mode 100644
index 000000000000..ee2624929723
--- /dev/null
+++ b/security/pam_krb5/files/patch-ad
@@ -0,0 +1,286 @@
+--- pam_krb5_auth.c.orig Tue Jan 4 19:08:51 2000
++++ pam_krb5_auth.c Mon Nov 6 10:46:08 2000
+@@ -7,9 +7,11 @@
+
+ static const char rcsid[] = "$Id: pam_krb5_auth.c,v 1.18 2000/01/04 08:44:08 fcusack Exp $";
+
++#include <errno.h>
+ #include <limits.h> /* PATH_MAX */
+ #include <pwd.h> /* getpwnam */
+ #include <stdio.h> /* tmpnam */
++#include <stdlib.h> /* malloc */
+ #include <strings.h> /* strchr */
+ #include <syslog.h> /* syslog */
+ #include <unistd.h> /* chown */
+@@ -19,7 +21,9 @@
+ #include <security/pam_modules.h>
+
+ #include <krb5.h>
++#include <com_err.h>
+ #include "pam_krb5.h"
++#include "krb5compat.h"
+
+ extern krb5_cc_ops krb5_mcc_ops;
+
+@@ -42,7 +46,7 @@
+ krb5_get_init_creds_opt opts;
+
+ int pamret, i;
+- char *name, *name2;
++ const char *name;
+ char *princ_name = NULL;
+ char *pass = NULL, *service = NULL;
+ char *prompt = NULL;
+@@ -74,13 +78,13 @@
+ }
+
+ /* Get service name */
+- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+ if (!service)
+ service = "unknown";
+
+ DLOG("entry", "");
+
+- if (krb5_init_context(&pam_context)) {
++ if ((krbret = krb5_init_context(&pam_context)) != 0) {
+ DLOG("krb5_init_context()", error_message(krbret));
+ return PAM_SERVICE_ERR;
+ }
+@@ -93,7 +97,7 @@
+ krb5_get_init_creds_opt_set_forwardable(&opts, 1);
+
+ /* For CNS */
+- if (krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) {
++ if ((krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) != 0) {
+ /* Solaris dtlogin doesn't call pam_end() on failure */
+ if (krbret != KRB5_CC_TYPE_EXISTS) {
+ DLOG("krb5_cc_register()", error_message(krbret));
+@@ -103,14 +107,14 @@
+ }
+
+ /* Get principal name */
+- if (krbret = krb5_parse_name(pam_context, name, &princ)) {
++ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
+ DLOG("krb5_parse_name()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup3;
+ }
+
+ /* Now convert the principal name into something human readable */
+- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
++ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
+ DLOG("krb5_unparse_name()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+@@ -126,18 +130,19 @@
+ (void) sprintf(prompt, "Password for %s: ", princ_name);
+
+ if (try_first_pass || use_first_pass)
+- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
+
+ get_pass:
+ if (!pass) {
+ try_first_pass = 0;
+- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
++ &pass)) != 0) {
+ DLOG("get_user_info()", pam_strerror(pamh, pamret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+ }
+ /* We have to free pass. */
+- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
++ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
+ DLOG("pam_set_item()", pam_strerror(pamh, pamret));
+ free(pass);
+ pamret = PAM_SERVICE_ERR;
+@@ -145,25 +150,26 @@
+ }
+ free(pass);
+ /* Now we get it back from the library. */
+- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
+ }
+
+ /* Verify the local user exists (AFTER getting the password) */
+ if (strchr(name, '@')) {
+ /* get a local account name for this principal */
+- if (krbret = krb5_aname_to_localname(pam_context, princ,
+- sizeof(lname), lname)) {
++ if ((krbret = krb5_aname_to_localname(pam_context, princ,
++ sizeof(lname), lname)) != 0) {
+ DLOG("krb5_aname_to_localname()", error_message(krbret));
+ pamret = PAM_USER_UNKNOWN;
+ goto cleanup2;
+ }
+ DLOG("changing PAM_USER to", lname);
+- if (pamret = pam_set_item(pamh, PAM_USER, lname)) {
++ if ((pamret = pam_set_item(pamh, PAM_USER, lname)) != 0) {
+ DLOG("pam_set_item()", pam_strerror(pamh, pamret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+ }
+- if (pamret = pam_get_item(pamh, PAM_USER, (void **) &name)) {
++ if ((pamret = pam_get_item(pamh, PAM_USER, (const void **) &name)
++ != 0)) {
+ DLOG("pam_get_item()", pam_strerror(pamh, pamret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+@@ -177,9 +183,8 @@
+ }
+
+ /* Get a TGT */
+- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+- pass, pam_prompter, pamh,
+- 0, NULL, &opts)) {
++ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
++ pass, pam_prompter, pamh, 0, NULL, &opts)) != 0) {
+ DLOG("krb5_get_init_creds_password()", error_message(krbret));
+ if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ pass = NULL;
+@@ -193,17 +198,17 @@
+ strcpy(cache_name, "MEMORY:");
+ (void) tmpnam(&cache_name[7]);
+
+- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) {
++ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) != 0) {
+ DLOG("krb5_cc_resolve()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup;
+ }
+- if (krbret = krb5_cc_initialize(pam_context, ccache, princ)) {
++ if ((krbret = krb5_cc_initialize(pam_context, ccache, princ)) != 0) {
+ DLOG("krb5_cc_initialize()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup;
+ }
+- if (krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) {
++ if ((krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) != 0) {
+ DLOG("krb5_cc_store_cred()", error_message(krbret));
+ (void) krb5_cc_destroy(pam_context, ccache);
+ pamret = PAM_SERVICE_ERR;
+@@ -224,7 +229,7 @@
+ pamret = PAM_AUTH_ERR;
+ goto cleanup;
+ }
+- if (pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) {
++ if ((pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) != 0) {
+ DLOG("pam_set_data()", pam_strerror(pamh, pamret));
+ (void) krb5_cc_destroy(pam_context, ccache);
+ pamret = PAM_SERVICE_ERR;
+@@ -288,22 +293,22 @@
+ else if (strcmp(argv[i], "no_ccache") == 0)
+ return PAM_SUCCESS;
+ else if (strstr(argv[i], "ccache=") == argv[i])
+- cache_name = &argv[i][7]; /* save for later */
++ cache_name = (char *) &argv[i][7]; /* save for later */
+ }
+
+ /* Get username */
+- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
++ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Get service name */
+- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+ if (!service)
+ service = "unknown";
+
+ DLOG("entry", "");
+
+- if (krb5_init_context(&pam_context)) {
++ if ((krbret = krb5_init_context(&pam_context)) != 0) {
+ DLOG("krb5_init_context()", error_message(krbret));
+ return PAM_SERVICE_ERR;
+ }
+@@ -311,7 +316,8 @@
+ euid = geteuid(); /* Usually 0 */
+
+ /* Retrieve the cache name */
+- if (pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) {
++ if ((pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp))
++ != 0) {
+ DLOG("pam_get_data()", pam_strerror(pamh, pamret));
+ pamret = PAM_CRED_UNAVAIL;
+ goto cleanup3;
+@@ -340,7 +346,7 @@
+ pamret = PAM_BUF_ERR;
+ goto cleanup3;
+ }
+- sprintf(cache_name, "FILE:/tmp/krb5cc_%ld", pw->pw_uid);
++ sprintf(cache_name, "FILE:/tmp/krb5cc_%d", pw->pw_uid);
+ } else {
+ /* cache_name was supplied */
+ char *p = calloc(PATH_MAX + 10, 1); /* should be plenty */
+@@ -357,10 +363,10 @@
+ if (*q == '%') {
+ q++;
+ if (*q == 'u') {
+- sprintf(p, "%ld", pw->pw_uid);
++ sprintf(p, "%d", pw->pw_uid);
+ p += strlen(p);
+ } else if (*q == 'p') {
+- sprintf(p, "%ld", getpid());
++ sprintf(p, "%d", getpid());
+ p += strlen(p);
+ } else {
+ /* Not a special token */
+@@ -375,24 +381,27 @@
+ }
+
+ /* Initialize the new ccache */
+- if (krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) {
++ if ((krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ))
++ != 0) {
+ DLOG("krb5_cc_get_principal()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup3;
+ }
+- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) {
++ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm))
++ != 0) {
+ DLOG("krb5_cc_resolve()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+ }
+- if (krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) {
++ if ((krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) != 0) {
+ DLOG("krb5_cc_initialize()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+ }
+
+ /* Prepare for iteration over creds */
+- if (krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) {
++ if ((krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor))
++ != 0) {
+ DLOG("krb5_cc_start_seq_get()", error_message(krbret));
+ (void) krb5_cc_destroy(pam_context, ccache_perm);
+ pamret = PAM_SERVICE_ERR;
+@@ -400,9 +409,10 @@
+ }
+
+ /* Copy the creds (should be two of them) */
+- while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp,
+- &cursor, &creds) == 0)) {
+- if (krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds)) {
++ while ((krbret = compat_cc_next_cred(pam_context, ccache_temp,
++ &cursor, &creds) == 0)) {
++ if ((krbret = krb5_cc_store_cred(pam_context, ccache_perm,
++ &creds)) != 0) {
+ DLOG("krb5_cc_store_cred()", error_message(krbret));
+ (void) krb5_cc_destroy(pam_context, ccache_perm);
+ krb5_free_cred_contents(pam_context, &creds);
+@@ -432,7 +442,7 @@
+ }
+
+ sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name);
+- if (pamret = pam_putenv(pamh, cache_env_name)) {
++ if ((pamret = pam_putenv(pamh, cache_env_name)) != 0) {
+ DLOG("pam_putenv()", pam_strerror(pamh, pamret));
+ (void) krb5_cc_destroy(pam_context, ccache_perm);
+ pamret = PAM_SERVICE_ERR;
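Review bot: In the rewritten `pam_get_item(pamh, PAM_USER, ...)` check that follows `pam_set_item(pamh, PAM_USER, lname)`, the closing parenthesis is misplaced: `!= 0` is evaluated before the assignment, so `pamret` receives 0 or 1 instead of the PAM return code and `pam_strerror(pamh, pamret)` logs the wrong message. It should read `if ((pamret = pam_get_item(pamh, PAM_USER, (const void **) &name)) != 0) {`. The `while ((krbret = compat_cc_next_cred(...) == 0))` loop has the same shape, carried over from upstream, so `krbret` never holds the real error there either. The `sprintf` calls switched to `%d` for `pw->pw_uid` would be more portable as `%lu` with an `(unsigned long)` cast, since the width and signedness of uid_t are platform-defined. The enclosing functions begin and end outside the quoted context.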
diff --git a/security/pam_krb5/files/patch-ae b/security/pam_krb5/files/patch-ae
new file mode 100644
index 000000000000..494de5ec23dd
--- /dev/null
+++ b/security/pam_krb5/files/patch-ae
@@ -0,0 +1,140 @@
+--- pam_krb5_pass.c.orig Tue Jan 4 19:08:51 2000
++++ pam_krb5_pass.c Mon Nov 6 10:21:49 2000
+@@ -7,10 +7,14 @@
+
+ static const char rcsid[] = "$Id: pam_krb5_pass.c,v 1.3 1999/01/19 23:43:11 fcusack Exp $";
+
++#include <errno.h>
++#include <stdio.h> /* sprintf */
++#include <stdlib.h> /* malloc */
+ #include <syslog.h> /* syslog */
+ #include <security/pam_appl.h>
+ #include <security/pam_modules.h>
+ #include <krb5.h>
++#include <com_err.h>
+ #include "pam_krb5.h"
+
+ /* A useful logging macro */
+@@ -27,7 +31,6 @@
+ krb5_context pam_context;
+ krb5_creds creds;
+ krb5_principal princ;
+- krb5_ccache ccache;
+ krb5_get_init_creds_opt opts;
+
+ int result_code;
+@@ -54,23 +57,23 @@
+ }
+
+ /* Get username */
+- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
++ if ((pam_get_item(pamh, PAM_USER, (const void **) &name)) != 0) {
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Get service name */
+- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+ if (!service)
+ service = "unknown";
+
+ DLOG("entry", "");
+
+- if (krb5_init_context(&pam_context)) {
++ if ((krbret = krb5_init_context(&pam_context)) != 0) {
+ DLOG("krb5_init_context()", error_message(krbret));
+ return PAM_SERVICE_ERR;
+ }
+
+- if (krb5_init_context(&pam_context)) {
++ if ((krbret = krb5_init_context(&pam_context)) != 0) {
+ DLOG("krb5_init_context()", error_message(krbret));
+ return PAM_SERVICE_ERR;
+ }
+@@ -78,14 +81,14 @@
+ memset(&creds, 0, sizeof(krb5_creds));
+
+ /* Get principal name */
+- if (krbret = krb5_parse_name(pam_context, name, &princ)) {
++ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
+ DLOG("krb5_parse_name()", error_message(krbret));
+ pamret = PAM_USER_UNKNOWN;
+ goto cleanup3;
+ }
+
+ /* Now convert the principal name into something human readable */
+- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
++ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
+ DLOG("krb5_unparse_name()", error_message(krbret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+@@ -101,18 +104,19 @@
+ (void) sprintf(prompt, "Password for %s: ", princ_name);
+
+ if (try_first_pass || use_first_pass)
+- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
+
+ get_pass:
+ if (!pass) {
+ try_first_pass = 0;
+- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
++ &pass)) != 0) {
+ DLOG("get_user_info()", pam_strerror(pamh, pamret));
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup2;
+ }
+ /* We have to free pass. */
+- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
++ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
+ DLOG("pam_set_item()", pam_strerror(pamh, pamret));
+ free(pass);
+ pamret = PAM_SERVICE_ERR;
+@@ -120,12 +124,11 @@
+ }
+ free(pass);
+ /* Now we get it back from the library. */
+- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
+ }
+
+- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+- pass, pam_prompter, pamh,
+- 0, "kadmin/changepw", &opts)) {
++ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
++ pass, pam_prompter, pamh, 0, "kadmin/changepw", &opts)) != 0) {
+ DLOG("krb5_get_init_creds_password()", error_message(krbret));
+ if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ pass = NULL;
+@@ -138,14 +141,16 @@
+ /* Now get the new password */
+ free(prompt);
+ prompt = "Enter new password: ";
+- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass))
++ != 0) {
+ DLOG("get_user_info()", pam_strerror(pamh, pamret));
+ prompt = NULL;
+ pamret = PAM_SERVICE_ERR;
+ goto cleanup;
+ }
+ prompt = "Enter it again: ";
+- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2)) {
++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2))
++ != 0) {
+ DLOG("get_user_info()", pam_strerror(pamh, pamret));
+ prompt = NULL;
+ pamret = PAM_SERVICE_ERR;
+@@ -160,9 +165,8 @@
+ }
+
+ /* Change it */
+- if (krbret = krb5_change_password(pam_context, &creds, pass,
+- &result_code, &result_code_string,
+- &result_string)) {
++ if ((krbret = krb5_change_password(pam_context, &creds, pass,
++ &result_code, &result_code_string, &result_string)) != 0) {
+ DLOG("krb5_change_password()", error_message(krbret));
+ pamret = PAM_AUTHTOK_ERR;
+ goto cleanup;
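Review bot: `krb5_init_context(&pam_context)` is still called twice in a row; the patch rewrites both copies to capture `krbret`, but the second call overwrites the context created by the first, which is then never freed. Dropping the duplicated `if` block removes the leak. The function body starts and ends outside the quoted context, so whether a later cleanup path frees the surviving context is not visible here.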
diff --git a/security/pam_krb5/files/patch-af b/security/pam_krb5/files/patch-af
new file mode 100644
index 000000000000..dd164e81bddd
--- /dev/null
+++ b/security/pam_krb5/files/patch-af
@@ -0,0 +1,176 @@
+--- support.c.orig Tue Jan 4 19:08:51 2000
++++ support.c Mon Nov 6 11:55:47 2000
+@@ -6,12 +6,17 @@
+
+ static const char rcsid[] = "$Id: support.c,v 1.8 2000/01/04 09:50:03 fcusack Exp $";
+
++#include <errno.h>
+ #include <stdio.h> /* BUFSIZ */
++#include <stdlib.h> /* malloc */
++#include <string.h> /* strncpy */
+ #include <syslog.h> /* syslog */
+ #include <security/pam_appl.h>
+ #include <security/pam_modules.h>
+ #include <krb5.h>
++#include <com_err.h>
+ #include "pam_krb5.h"
++#include "krb5compat.h"
+
+ /*
+ * Get info from the user. Disallow null responses (regardless of flags).
+@@ -22,11 +27,12 @@
+ get_user_info(pam_handle_t *pamh, char *prompt, int type, char **response)
+ {
+ int pamret;
+- struct pam_message msg, *pmsg;
++ struct pam_message msg;
++ const struct pam_message *pmsg;
+ struct pam_response *resp = NULL;
+ struct pam_conv *conv;
+
+- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv))
++ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
+ return pamret;
+
+ /* set up conversation call */
+@@ -34,7 +40,7 @@
+ msg.msg_style = type;
+ msg.msg = prompt;
+
+- if (pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr))
++ if ((pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr)) != 0)
+ return pamret;
+
+ /* Caller should ignore errors for non-response conversations */
+@@ -53,8 +59,8 @@
+
+
+ krb5_error_code
+-pam_prompter(krb5_context context, void *data, const char *name,
+- const char *banner, int num_prompts, krb5_prompt prompts[])
++pam_prompter(krb5_context context, void *data, const char *banner, int
++ num_prompts, krb5_prompt prompts[])
+ {
+ int pam_prompts = num_prompts;
+ int pamret, i;
+@@ -64,12 +70,9 @@
+ struct pam_conv *conv;
+ pam_handle_t *pamh = (pam_handle_t *) data;
+
+- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv))
++ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
+ return KRB5KRB_ERR_GENERIC;
+
+- if (name)
+- pam_prompts++;
+-
+ if (banner)
+ pam_prompts++;
+
+@@ -80,21 +83,11 @@
+ /* Now use pam_prompts as an index */
+ pam_prompts = 0;
+
+- /* Sigh. malloc all the prompts. */
+- if (name) {
+- msg[pam_prompts].msg = malloc(strlen(name) + 1);
+- if (!msg[pam_prompts].msg)
+- goto cleanup;
+- strcpy(msg[pam_prompts].msg, name);
+- msg[pam_prompts].msg_style = PAM_TEXT_INFO;
+- pam_prompts++;
+- }
+-
+ if (banner) {
+ msg[pam_prompts].msg = malloc(strlen(banner) + 1);
+ if (!msg[pam_prompts].msg)
+ goto cleanup;
+- strcpy(msg[pam_prompts].msg, banner);
++ strcpy((char *) msg[pam_prompts].msg, banner);
+ msg[pam_prompts].msg_style = PAM_TEXT_INFO;
+ pam_prompts++;
+ }
+@@ -103,13 +96,14 @@
+ msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
+ if (!msg[pam_prompts].msg)
+ goto cleanup;
+- sprintf(msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
++ sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
+ msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
+ : PAM_PROMPT_ECHO_ON;
+ pam_prompts++;
+ }
+
+- if (pamret = conv->conv(pam_prompts, &msg, &resp, conv->appdata_ptr))
++ if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg,
++ &resp, conv->appdata_ptr)) != 0)
+ goto cleanup;
+
+ if (!resp)
+@@ -117,8 +111,6 @@
+
+ /* Reuse pam_prompts as a starting index */
+ pam_prompts = 0;
+- if (name)
+- pam_prompts++;
+ if (banner)
+ pam_prompts++;
+
+@@ -142,7 +134,7 @@
+
+ for (i = 0; i < pam_prompts; i++) {
+ if (msg[i].msg)
+- free(msg[i].msg);
++ free((char *) msg[i].msg);
+ }
+ free(msg);
+
+@@ -189,8 +181,6 @@
+ krb5_keyblock * keyblock = 0;
+ krb5_data packet;
+ krb5_auth_context auth_context = NULL;
+- krb5_keytab keytab = NULL;
+- char * kt_name = NULL;
+
+ packet.data = 0;
+
+@@ -198,8 +188,8 @@
+ * Get the server principal for the local host.
+ * (Use defaults of "host" and canonicalized local name.)
+ */
+- if (retval = krb5_sname_to_principal(context, NULL, NULL,
+- KRB5_NT_SRV_HST, &princ)) {
++ if ((retval = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST,
++ &princ)) != 0) {
+ if (debug)
+ syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
+ "krb5_sname_to_principal()", error_message(retval));
+@@ -207,7 +197,7 @@
+ }
+
+ /* Extract the name directly. */
+- strncpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ);
++ strncpy(phost, compat_princ_component(context, princ, 1), BUFSIZ);
+ phost[BUFSIZ - 1] = '\0';
+
+ /*
+@@ -215,8 +205,8 @@
+ * (use default/configured keytab, kvno IGNORE_VNO to get the
+ * first match, and enctype is currently ignored anyhow.)
+ */
+- if (retval = krb5_kt_read_service_key(context, NULL, princ, 0,
+- ENCTYPE_DES_CBC_MD5, &keyblock)) {
++ if ((retval = krb5_kt_read_service_key(context, NULL, princ, 0,
++ ENCTYPE_DES_CBC_MD5, &keyblock)) != 0) {
+ /* Keytab or service key does not exist */
+ if (debug)
+ syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
+@@ -256,7 +246,7 @@
+
+ cleanup:
+ if (packet.data)
+- krb5_free_data_contents(context, &packet);
++ compat_free_data_contents(context, &packet);
+ krb5_free_principal(context, princ);
+ return retval;
+
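Review bot: The new `(const struct pam_message **) &msg` cast in `pam_prompter()` silences a type warning without changing the shape of what is passed. Judging by the indexing (`msg[pam_prompts].msg`, `free(msg)`), `msg` is a pointer to one contiguous array, so `&msg` points at a single pointer; a conversation function that treats its argument as an array of `pam_prompts` pointers would read past it for the second and later messages. Passing a small array of pointers to `msg[0]` .. `msg[n-1]`, held in a local `const struct pam_message **pmsg`, works with either convention. The declaration of `msg` is outside the hunk, so this needs confirming against the full file.

```c
/* … unchanged: msg[] entries allocated and filled in … */
pmsg = malloc(pam_prompts * sizeof(*pmsg));
if (!pmsg)
    goto cleanup;
for (i = 0; i < pam_prompts; i++)
    pmsg[i] = &msg[i];
pamret = conv->conv(pam_prompts, pmsg, &resp, conv->appdata_ptr);
free(pmsg);
if (pamret != 0)
    goto cleanup;
/* … unchanged: response handling … */
```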
diff --git a/security/pam_krb5/files/patch-ag b/security/pam_krb5/files/patch-ag
new file mode 100644
index 000000000000..2e1c65eb640c
--- /dev/null
+++ b/security/pam_krb5/files/patch-ag
@@ -0,0 +1,52 @@
+--- pam_krb5.5.orig Tue Jan 4 19:08:51 2000
++++ pam_krb5.5 Mon Nov 6 10:27:01 2000
+@@ -1,24 +1,24 @@
+ .\"
+ .\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $
+-.TH pam_krb5 5 "15 Jan 1999"
++.TH pam_krb5 8 "15 Jan 1999"
+ .SH NAME
+ pam_krb5 \- Kerberos 5 PAM module
+ .SH SYNOPSIS
+ .LP
+-.B /usr/lib/security/pam_krb5.so.1
++.B /usr/lib/pam_krb5.so
+ .LP
+ .SH DESCRIPTION
+ .IX "pam_krb5" "" "\fLpam_krb5\fP \(em Kerberos 5 PAM module"
+ .PP
+ The Kerberos 5 service module for PAM, typically
+-.BR /usr/lib/security/pam_krb5.so.1 ,
++.BR /usr/lib/pam_krb5.so ,
+ provides functionality for three PAM categories:
+ authentication,
+ account management,
+ and password management.
+ It also provides null functions for session management.
+ The
+-.B pam_krb5.so.1
++.B pam_krb5.so
+ module is a shared object
+ that can be dynamically loaded to provide
+ the necessary functionality upon demand.
+@@ -177,10 +177,9 @@
+ .SH SEE ALSO
+ .BR kdestroy (1),
+ .BR passwd (1),
+-.BR pam (3),
++.BR pam (8),
+ .BR syslog (3),
+-.BR libpam (4),
+-.BR pam.conf (4).
++.BR pam.conf (5).
+ .SH NOTES
+ Applications should not call
+ .B pam_authenticate()
+@@ -189,7 +188,3 @@
+ and
+ .B pam_end()
+ when using the Kerberos 5 PAM module.
+-.LP
+-dtlogin will not successfully authenticate a user who enters a realm
+-name as part of their username (even if the authentication
+-module returns success).
diff --git a/security/pam_krb5/files/patch-ah b/security/pam_krb5/files/patch-ah
new file mode 100644
index 000000000000..8f62854e32d5
--- /dev/null
+++ b/security/pam_krb5/files/patch-ah
@@ -0,0 +1,24 @@
+--- compat_heimdal.c.orig Mon Nov 6 10:21:49 2000
++++ compat_heimdal.c Mon Nov 6 10:48:37 2000
+@@ -0,0 +1,21 @@
++#include <krb5.h>
++#include "krb5compat.h"
++
++const char *
++compat_princ_component(krb5_context context, krb5_principal princ, int n)
++{
++ return princ->name.name_string.val[n];
++}
++
++void
++compat_free_data_contents(krb5_context context, krb5_data *data)
++{
++ krb5_xfree(data);
++}
++
++krb5_error_code
++compat_cc_next_cred(krb5_context context, const krb5_ccache id,
++ krb5_cc_cursor *cursor, krb5_creds *creds)
++{
++ return krb5_cc_next_cred(context, id, creds, cursor);
++}
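Review bot: `compat_free_data_contents()` calls `krb5_xfree(data)`, which releases the `krb5_data` structure itself rather than the buffer it points to. The only caller visible on this page, the cleanup path in support.c (patch-af), passes `&packet`, and `packet` appears there as a local `krb5_data`, so the Heimdal build would hand a stack address to the allocator. The MIT counterpart frees only the contents; the Heimdal equivalent is `krb5_data_free(data);`. `compat_princ_component()` also indexes `name_string.val[n]` without comparing `n` to the number of components.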
diff --git a/security/pam_krb5/files/patch-ai b/security/pam_krb5/files/patch-ai
new file mode 100644
index 000000000000..df90dd56633e
--- /dev/null
+++ b/security/pam_krb5/files/patch-ai
@@ -0,0 +1,24 @@
+--- compat_mit.c.orig Mon Nov 6 10:21:49 2000
++++ compat_mit.c Mon Nov 6 10:49:14 2000
+@@ -0,0 +1,21 @@
++#include <krb5.h>
++#include "krb5compat.h"
++
++const char *
++compat_princ_component(krb5_context context, krb5_principal princ, int n)
++{
++ return krb5_princ_component(context, princ, n)->data;
++}
++
++void
++compat_free_data_contents(krb5_context context, krb5_data *data)
++{
++ krb5_free_data_contents(context, data);
++}
++
++krb5_error_code
++compat_cc_next_cred(krb5_context context, const krb5_ccache id,
++ krb5_cc_cursor *cursor, krb5_creds *creds)
++{
++ return krb5_cc_next_cred(context, id, cursor, creds);
++}
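Review bot: Nothing in this file says why the wrappers exist; `compat_cc_next_cred()` differs from its Heimdal twin in patch-ah only in the order of `cursor` and `creds`, which is easy to miss. A comment above it such as `/* MIT takes (cursor, creds); Heimdal takes (creds, cursor) */` would document that. `compat_princ_component()` returns `->data` as a C string although `krb5_data` carries an explicit length, and its caller in support.c copies it with `strncpy`; a short comment stating that the component is assumed to be NUL-terminated and that index `n` is assumed to exist would make the contract visible.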
diff --git a/security/pam_krb5/pkg-comment b/security/pam_krb5/pkg-comment
new file mode 100644
index 000000000000..7e718e8bbb10
--- /dev/null
+++ b/security/pam_krb5/pkg-comment
@@ -0,0 +1 @@
+A Pluggable Authentication Module for Kerberos 5
diff --git a/security/pam_krb5/pkg-descr b/security/pam_krb5/pkg-descr
new file mode 100644
index 000000000000..89603de2f45b
--- /dev/null
+++ b/security/pam_krb5/pkg-descr
@@ -0,0 +1,4 @@
+A Pluggable Authentication Module for Kerberos 5, which can
+be compiled for either Heimdal or MIT Kerberos.
+
+WWW: http://www.fcusack.com/
diff --git a/security/pam_krb5/pkg-plist b/security/pam_krb5/pkg-plist
new file mode 100644
index 000000000000..ed0796d89284
--- /dev/null
+++ b/security/pam_krb5/pkg-plist
@@ -0,0 +1 @@
+lib/pam_krb5.so