add "-4" option to rlogin to not try krb5 auth

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12894 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 05c91afb1fbddb22634da469483cabe6bac79fd4..903d098994e856a9865de00bfaea64f9eb4e9390 100644 (file)
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,9 @@
+2000-12-15  Ken Raeburn  <raeburn@mit.edu>
+
+       * krlogin.c (main): Add new "-4" option, to use krb4
+       authentication only; useful for testing.
+       * rlogin.M: Updated.
+
 2000-12-06  Ken Raeburn  <raeburn@mit.edu>
 
        * krlogind.c (doit): Cast first argument to pty_make_sane_hostname

diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index 1fd4390588fe71dd7c71781975203c355dbd39ea..3b7a6637a4a2a660611e0caac72d4e5c77f4e5ce 100644 (file)
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -375,6 +375,7 @@ main(argc, argv)
 #ifdef KRB5_KRB4_COMPAT
     KTEXT_ST v4_ticket;
     MSG_DAT v4_msg_data;
+    int v4only = 0;
 #endif
 #endif
     int port, debug_port = 0;
@@ -514,11 +515,25 @@ main(argc, argv)
        argv++, argc--;
        goto another;
     }
+#ifdef KRB5_KRB4_COMPAT
+    if (argc > 0 && !strcmp(*argv, "-4")) {
+       v4only++;
+       argv++, argc--;
+       goto another;
+    }
+#endif /* krb4 */
 #endif /* KERBEROS */
     if (host == 0)
       goto usage;
     if (argc > 0)
       goto usage;
+#ifdef KRB5_KRB4_COMPAT
+    if (kcmd_proto != KCMD_PROTOCOL_COMPAT_HACK && v4only) {
+       com_err (argv[0], 0,
+                "-4 is incompatible with -PO/-PN");
+       exit(1);
+    }
+#endif
     pwd = getpwuid(getuid());
     if (pwd == 0) {
        fprintf(stderr, "Who are you?\n");
@@ -637,6 +652,10 @@ main(argc, argv)
     if (Fflag)
       authopts |= OPTS_FORWARDABLE_CREDS;
 
+#ifdef KRB5_KRB4_COMPAT
+    if (v4only)
+       goto try_v4;
+#endif
     status = kcmd(&sock, &host, port,
                  null_local_username ? "" : pwd->pw_name,
                  name ? name : pwd->pw_name, term,
@@ -655,6 +674,7 @@ main(argc, argv)
            exit (1);
 #ifdef KRB5_KRB4_COMPAT
        fprintf(stderr, "Trying krb4 rlogin...\n");
+    try_v4:
        status = k4cmd(&sock, &host, port,
                       null_local_username ? "" : pwd->pw_name,
                       name ? name : pwd->pw_name, term,
@@ -710,7 +730,11 @@ main(argc, argv)
 #ifdef KERBEROS
     fprintf (stderr,
             "usage: rlogin host [-option] [-option...] [-k realm ] [-t ttytype] [-l username]\n");
-    fprintf (stderr, "     where option is e, 7, 8, noflow, n, a, x, f, F, or c\n");
+#ifdef KRB5_KRB4_COMPAT
+    fprintf (stderr, "     where option is e, 7, 8, noflow, n, a, x, f, F, c, 4, PO, or PN\n");
+#else
+    fprintf (stderr, "     where option is e, 7, 8, noflow, n, a, x, f, F, c, PO, or PN\n");
+#endif
 #else /* !KERBEROS */
     fprintf (stderr,
             "usage: rlogin host [-option] [-option...] [-t ttytype] [-l username]\n");

diff --git a/src/appl/bsd/rlogin.M b/src/appl/bsd/rlogin.M
index 601fe460b41ba41bd8cf2ca3ac88f33f38bac81e..56c11aa29d6feb54646772941251aed52584865f 100644 (file)
--- a/src/appl/bsd/rlogin.M
+++ b/src/appl/bsd/rlogin.M
@@ -25,7 +25,7 @@ rlogin \- remote login
 .I rhost
 [\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP]
 [\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP]
-[\fB\-PN | \-PO\fP]
+[\fB\-PN | \-PO\fP] [\fB\-4\fP]
 [\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP
 \fIusername\fP]
 .PP
@@ -144,6 +144,9 @@ old one, but is not interoperable with older servers.  (An
 "input/output error" and a closed connection is the most likely result
 of attempting this combination.)  If neither option is specified, some
 simple heuristics are used to guess which to try.
+.TP
+\fB\-4\fP
+Use Kerberos V4 authentication only; don't try Kerberos V5.
 .SH SEE ALSO
 rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB
 version]