From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 10 Jan 2024 17:51:10 +0000 (+0000)
Subject: accounts: Use a custom keytab to authenticate users
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e3bd58d82a0cafc3310c88b7832614923c28ddd;p=ipfire.org.git

accounts: Use a custom keytab to authenticate users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index a92bc338..9df7d627 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -758,9 +758,12 @@ class Account(LDAPObject):
 
 		logging.debug("Checking credentials for %s" % self.dn)
 
+		# Set keytab to use
+		os.environ["KRB5_KTNAME"] = "/etc/ipfire.org/www.keytab"
+
 		# Check the credentials against the Kerberos database
 		try:
-			kerberos.checkPassword(self.uid, password, "host/%s" % FQDN, "IPFIRE.ORG")
+			kerberos.checkPassword(self.uid, password, "www/%s" % FQDN, "IPFIRE.ORG")
 
 		# Catch any authentication errors
 		except kerberos.BasicAuthError as e: