From 8e3bd58d82a0cafc3310c88b7832614923c28ddd Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 10 Jan 2024 17:51:10 +0000
Subject: [PATCH] accounts: Use a custom keytab to authenticate users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/backend/accounts.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index a92bc338..9df7d627 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -758,9 +758,12 @@ class Account(LDAPObject):
 
 		logging.debug("Checking credentials for %s" % self.dn)
 
+		# Set keytab to use
+		os.environ["KRB5_KTNAME"] = "/etc/ipfire.org/www.keytab"
+
 		# Check the credentials against the Kerberos database
 		try:
-			kerberos.checkPassword(self.uid, password, "host/%s" % FQDN, "IPFIRE.ORG")
+			kerberos.checkPassword(self.uid, password, "www/%s" % FQDN, "IPFIRE.ORG")
 
 		# Catch any authentication errors
 		except kerberos.BasicAuthError as e:
-- 
2.47.3