/* Define if you want AFS support */
#undef AFS
+/* Define this if you want to use AFS/Kerberos 5 option, which runs aklog. */
+#undef AFS_KRB5
+#undef AKLOG_PATH
+
/* Define if you want GSI/Globus authentication support */
#undef GSI
]
)
+# Check whether user wants AFS_KRB5 support
+AFS_KRB5_MSG="no"
+AC_ARG_WITH(afs-krb5,
+ [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
+ else
+ AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
+ fi
+
+ if test -z "$KRB5" ; then
+ AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
+ fi
+
+ LIBS="-lkrbafs $LIBS"
+ if test ! -z "$AFS_LIBS" ; then
+ LIBS="$LIBS $AFS_LIBS"
+ fi
+ AC_DEFINE(AFS_KRB5)
+ AFS_KRB5_MSG="yes"
+ fi
+ ]
+)
+
# Check whether user wants AFS support
AFS_MSG="no"
AC_ARG_WITH(afs,
struct passwd *pw = s->pw;
u_int i;
+#ifdef AFS_KRB5
+/* Default place to look for aklog. */
+#ifdef AKLOG_PATH
+#define KPROGDIR AKLOG_PATH
+#else
+#define KPROGDIR "/usr/bin/aklog"
+#endif /* AKLOG_PATH */
+
+ struct stat st;
+ char *aklog_path;
+#endif /* AFS_KRB5 */
+
/* remove hostkey from the child's memory */
destroy_sensitive_data();
*/
environ = env;
+#ifdef AFS_KRB5
+
+ /* User has authenticated, and if a ticket was going to be
+ * passed we would have it. KRB5CCNAME should already be set.
+ * Now try to get an AFS token using aklog.
+ */
+ if (k_hasafs()) { /* Do we have AFS? */
+
+ aklog_path = xstrdup(KPROGDIR);
+
+ /*
+ * Make sure it exists before we try to run it
+ */
+ if (stat(aklog_path, &st) == 0) {
+ debug("Running %s to get afs token.",aklog_path);
+ system(aklog_path);
+ } else {
+ debug("%s does not exist.",aklog_path);
+ }
+
+ xfree(aklog_path);
+ }
+#endif /* AFS_KRB5 */
+
#ifdef AFS
/* Try to get AFS tokens for the local cell. */
if (k_hasafs()) {
options.kerberos_authentication = 0;
}
#endif /* KRB4 && !KRB5 */
-#ifdef AFS
+#if defined(AFS) || defined(AFS_KRB5)
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
k_setpag();
k_unlog();
}
-#endif /* AFS */
+#endif /* AFS || AFS_KRB5 */
packet_set_nonblocking();