functions uniformly use the same standard error formatting and exit
status for kadmin failures.
+ Exit with a non-zero status if the check_passwd command rejects the
+ password. Previously, an error would be reported but the backend
+ would always report a successful zero status if the password could be
+ checked, even if it was rejected.
+
The Heimdal version of kadmin-backend now requires the IPC::Run Perl
module (available from CPAN).
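Review bot: The new check_passwd entry says "a non-zero status" without naming the value, and it does not say which kadmin-backend variants are affected, while the entry right after it is explicit about the Heimdal version. Name the status a caller should expect for a rejected password and state whether the change applies to every backend. Anyone who wrapped the old always-zero behaviour can then tell what to re-test.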
#
# Written by Russ Allbery <rra@stanford.edu>
# Based heavily on work by Roland Schemers
-# Copyright 2003, 2007, 2008, 2009, 2010, 2011
+# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013
# The Board of Trustees of the Leland Stanford Junior University
#
# Permission to use, copy, modify, and distribute this software and its
# also set DISABLE_ALL_TIX) with the same password policy as our user accounts
# and seeing if the password is accepted.
#
-# On success, do nothing. On failure, print the error message from K5 kadmin.
-# We don't die here because of weird interface requirements.
+# On success, do nothing. On failure, print the error message from K5 kadmin
+# and exit with a non-zero status.
sub kadmin_validate {
my ($principal, $instance, $password) = @_;
check_password ($password);
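Review bot: The rewritten comment above kadmin_validate removes "We don't die here because of weird interface requirements" without saying whether that requirement still holds. Since the function now terminates the process on rejection, the comment should say why exit is used instead of die, which status is returned, and that the rejection message is still printed rather than raised. That makes it clear to the next maintainer that the difference from the error paths is deliberate.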
print "retstr: Insecure password: $match\n";
$k5admin->send ("quit\n");
$k5admin->soft_close;
+ exit 1;
} elsif ($error) {
die "error: Expect said $error\n";
} else {
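Review bot: The `exit 1;` added after `$k5admin->soft_close;` gives a rejected password a status that a caller cannot reliably tell apart from the `die "error: Expect said $error\n"` branch right below it. Perl takes die's exit code from `$!` (falling back to `$? >> 8`, then 255), so that branch can also exit with 1. If callers need to separate "password rejected" from "password could not be checked", use a dedicated status for rejection and document it, or state that the `retstr:` line is the signal to parse and the status only means "not accepted".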
my $princ = shift;
my $pass = shift or die "error: missing password\n";
- password_check ($princ, '', $pass);
+ unless (password_check ($princ, '', $pass)) {
+ exit 1;
+ }
} elsif ($cmd eq 'create') {
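Review bot: `unless (password_check ($princ, '', $pass)) { exit 1; }` makes the exit status depend on password_check returning a true value for an accepted password, and nothing in this hunk shows that contract. A Perl sub that falls off the end returns its last evaluated expression, so please confirm every return path in password_check returns an explicit true or false and document that at its definition. Otherwise an accepted password could end in `exit 1`, or a rejected one in a zero status. It is also worth noting that here the caller exits, while kadmin_validate exits from inside the function. Choosing one convention would make the two paths easier to audit.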