package edu.yale.its.tp.cas.auth.provider;

/* Sample PasswordHandler for CAS that authenticates using Kerberos 5 Protocol and Krb5LoginModule */
/* JDK 1.4.2 Required. */

import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.login.*;
import javax.security.auth.callback.*;
import java.util.Hashtable;
import edu.yale.its.tp.cas.auth.*;

public class KerberosAuthHandler implements PasswordHandler {

    public boolean authenticate(javax.servlet.ServletRequest request,
                                String username,
                                String password) 
    {
	LoginContext lc = null;

	try 
	    {
		/* Set up the Callback handler, and initialise the userid and password fields */
		CASCallbackHandler ch = new CASCallbackHandler();
		ch.setUserId( username );
		ch.setPassword( password );
		
		/* Initialise the login context - LoginModule configured in cas_jaas.conf and */
		/* set to use Krb5LoginModule. */
		lc = new LoginContext( KerberosAuthHandler.class.getName(), ch );
		
		/* Perform the authentication */
		lc.login();
	    } 
	catch (LoginException le) 
	    {
		System.err.println("Authentication attempt failed" + le);
		return false;
	    }
	return true;
    }
}