import hmac
import iso3166
import json
+import kerberos
import ldap
import ldap.modlist
import logging
import os
import phonenumbers
import re
+import socket
import sys
import time
import tornado.httpclient
# Set the client keytab name
os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"
+FQDN = socket.gethostname()
+
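Review bot: `FQDN = socket.gethostname()` is not guaranteed to return a fully qualified name; on many systems it returns the short hostname, and this value is later used to build the service principal `"host/%s" % FQDN`. If the keytab entry is registered under the fully qualified name, the principal built here would not match it and password checks would presumably fail for every user. Consider `FQDN = socket.getfqdn()`, or read the service principal from the backend settings, and add a comment such as `# Must match the host/<fqdn> principal present in this machine's keytab`. The value is also fixed at import time, so a later hostname change needs a restart.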
class LDAPObject(Object):
def init(self, dn, attrs=None):
self.dn = dn
logging.debug("Checking credentials for %s" % self.dn)
- # Create a new LDAP connection
- ldap_uri = self.backend.settings.get("ldap_uri")
- conn = ldap.initialize(ldap_uri)
-
+ # Check the credentials against the Kerberos database
try:
- conn.simple_bind_s(self.dn, password.encode("utf-8"))
- except ldap.INVALID_CREDENTIALS:
- logging.debug("Account credentials are invalid for %s" % self)
+ kerberos.checkPassword(self.uid, password, "host/%s" % FQDN, "IPFIRE.ORG")
+
+ # Catch any authentication errors
+ except kerberos.BasicAuthError as e:
+ logging.debug("Could not authenticate %s: %s" % (self.uid, e))
+
return False
- logging.info("Successfully authenticated %s" % self)
+ # Otherwise return True
+ else:
+ logging.info("Successfully authenticated %s" % self)
- return True
+ return True
def check_password_quality(self, password):
"""
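Review bot: The `kerberos.checkPassword(...)` call is now the only credential check, and the python kerberos bindings document this function as open to KDC spoofing unless the returned ticket is verified against a locally held service key. Please confirm that the installed binding performs that verification and that this host has a keytab entry for the `host/<FQDN>` principal in `IPFIRE.ORG`, and record it above the call, e.g. `# Relies on the host keytab to verify the KDC's reply; do not run without it`. Only `kerberos.BasicAuthError` is caught, so any other error from the library would propagate to the caller instead of returning False; if that is intended, a one-line comment would make it clear. The enclosing method begins above the visible lines, so where `password` comes from and whether it is checked for being empty cannot be seen here.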