accounts: Use a custom keytab to authenticate users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index a92bc338f59d097fd7cd7886b43bb1091a3fa409..9df7d627acd8ff02be20ac8c0f859a4ae5098049 100644 (file)
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -758,9 +758,12 @@ class Account(LDAPObject):
 
                logging.debug("Checking credentials for %s" % self.dn)
 
+               # Set keytab to use
+               os.environ["KRB5_KTNAME"] = "/etc/ipfire.org/www.keytab"
+
                # Check the credentials against the Kerberos database
                try:
-                       kerberos.checkPassword(self.uid, password, "host/%s" % FQDN, "IPFIRE.ORG")
+                       kerberos.checkPassword(self.uid, password, "www/%s" % FQDN, "IPFIRE.ORG")
 
                # Catch any authentication errors
                except kerberos.BasicAuthError as e: