-
Notifications
You must be signed in to change notification settings - Fork 0
/
e-smith-base-5.2.0-ldap-auth.patch
91 lines (86 loc) · 4.88 KB
/
e-smith-base-5.2.0-ldap-auth.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth 2005-11-20 21:28:07.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2010-11-01 08:23:30.000000000 -0600
@@ -1,6 +1,6 @@
-passwd: files
-shadow: files
-group: files
+passwd: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
+shadow: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
+group: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
hosts: { ($AccessType eq "off") ? "files" : "files dns" }
services: files
networks: files
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth 2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2010-11-01 08:31:11.000000000 -0600
@@ -10,5 +10,10 @@ auth required pam_env.so
$OUT .= "auth required pam_abl.so config=/etc/security/pam_abl.conf";
}
auth sufficient pam_unix.so likeauth nullok
+{
+ my $status = $ldap{Authentication} || 'disabled';
+ return unless $status eq 'enabled';
+ $OUT .= "auth sufficient pam_ldap.so use_first_pass";
+}
auth required pam_deny.so
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth 2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2010-11-01 08:27:52.000000000 -0600
@@ -1,5 +1,10 @@
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
+{
+ my $status = $ldap{Authentication} || 'disabled';
+ return unless $status eq 'enabled';
+ $OUT .= "account [default=bad success=ok user_unknown=ignore] pam_ldap.so";
+}
account required pam_permit.so
{
my $status = $pam_tally{status} || 'disabled';
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth 2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2010-11-01 08:30:37.000000000 -0600
@@ -1,3 +1,8 @@
password sufficient pam_unix.so nullok md5 shadow
+{
+ my $status = $ldap{Authentication} || 'disabled';
+ return unless $status eq 'enabled';
+ $OUT .= "password sufficient pam_ldap.so use_authtok";
+}
password required pam_deny.so
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth 2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2010-11-01 08:30:19.000000000 -0600
@@ -1,2 +1,7 @@
session required pam_limits.so
session required pam_unix.so
+{
+ my $status = $ldap{Authentication} || 'disabled';
+ return unless $status eq 'enabled';
+ $OUT .= "session optional pam_ldap.so";
+}
diff -up e-smith-base-5.2.0/createlinks.enable-cpu e-smith-base-5.2.0/createlinks
--- e-smith-base-5.2.0/createlinks.enable-cpu 2010-11-01 10:00:03.000000000 -0600
+++ e-smith-base-5.2.0/createlinks 2010-11-01 10:01:53.000000000 -0600
@@ -316,7 +316,6 @@
templates2events("/etc/smartd.conf", $event);
templates2events("/home/e-smith/ssl.pem/pem", $event);
event_link("rmmod-bonding", $event, "10");
-event_link("user-lock-passwd", $event, "15");
event_link("set-hostname", $event, "10");
event_link("conf-modules", $event, "30");
event_link("conf-startup", $event, "60");
@@ -324,6 +323,14 @@
event_link("init-reload", $event, "90");
event_link("reset-unsavedflag", $event, "95");
+#--------------------------------------------------
+# actions for bootstrap-ldap-save
+#--------------------------------------------------
+$event = "bootstrap-ldap-save";
+
+templates2events("/etc/nsswitch.conf", $event);
+templates2events("/etc/pam.d/system-auth", $event);
+event_link("user-lock-passwd", $event, "15");
#--------------------------------------------------
# actions for group-create event