This is a minimal patch for kerberos authentication with xdm. This is
for xdm in X11R6.1.

You will have to define KERBEROS and add include options to where you
have your kerberos headers, and also link xdm with libkrb and libdes.

It should be possible to create a kerberised libGreeter.so, but that
is left as an exercise to the reader.

--- greeter/verify.c	1996/06/25 21:21:25	1.1
+++ greeter/verify.c	1996/06/25 21:53:44
@@ -70,6 +70,11 @@
     NULL
 };
 
+#ifdef KERBEROS
+#include <krb.h>
+static char krbtkfile[1024];
+#endif
+
 static char **
 userEnv (d, useSystemPath, user, home, shell)
 struct display	*d;
@@ -87,6 +92,9 @@
     env = setEnv (env, "USER", user);
     env = setEnv (env, "PATH", useSystemPath ? d->systemPath : d->userPath);
     env = setEnv (env, "SHELL", shell);
+#ifdef KERBEROS
+    env = setEnv (env, "KRBTKFILE", krbtkfile);
+#endif
     for (envvar = envvars; *envvar; envvar++)
     {
 	if (str = getenv(*envvar))
@@ -121,6 +129,48 @@
 	} else {
 	    user_pass = p->pw_passwd;
 	}
+#ifdef KERBEROS
+	if(strcmp(greet->name, "root") != 0){
+	    char name[ANAME_SZ];
+	    char realm[REALM_SZ];
+	    char *q;
+	    int ret;
+	    
+	    sprintf(krbtkfile, "%s.%s", TKT_ROOT, d->name);
+	    krb_set_tkt_string(krbtkfile);
+	    unlink(krbtkfile);
+	    
+	    
+	    if(krb_get_lrealm(realm, 1)){
+		Debug ("Can't get Kerberos realm.\n");
+		bzero(greet->password, strlen(greet->password));
+		return 0;
+	    }
+
+	    ret = krb_verify_user(greet->name, "", realm, 
+				  greet->password, 0, "rcmd");
+	    
+	    if(ret == KSUCCESS){
+		chown(krbtkfile, p->pw_uid, p->pw_gid);
+		Debug("kerberos verify succeeded\n");
+		if (k_hasafs()) {
+		    if (k_setpag() == -1)
+			LogError ("setpag() failed for %s\n", greet->name);
+		    
+		    if((ret = k_afsklog(NULL, NULL)) != KSUCCESS)
+			LogError("Warning %s\n", krb_get_err_text(ret));
+		}
+		goto done;
+	    } else if(ret != KDC_PR_UNKNOWN && ret != SKDC_CANT){
+		/* failure */
+		Debug("kerberos verify failure\n");
+		bzero(greet->password, strlen(greet->password));
+		return 0;
+	    }
+	}
+#endif
+	    
+
 #ifdef USESHADOW
 	errno = 0;
 	sp = getspnam(greet->name);
@@ -141,6 +191,7 @@
 		bzero(greet->password, strlen(greet->password));
 		return 0;
 	}
+done:
 	Debug ("verify succeeded\n");
 	bzero(user_pass, strlen(user_pass)); /* in case shadow password */
 	/* The password is passed to StartClient() for use by user-based