Mailinglist Archive: opensuse-commit (861 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package yast2-kerberos-client for 
openSUSE:Factory
checked in at Mon Jan 24 15:48:58 CET 2011.



--------
--- yast2-kerberos-client/yast2-kerberos-client.changes 2010-08-06 
11:07:10.000000000 +0200
+++ 
/mounts/work_src_done/STABLE/yast2-kerberos-client/yast2-kerberos-client.changes
    2011-01-21 12:36:12.000000000 +0100
@@ -1,0 +2,13 @@
+Fri Jan 21 12:26:47 CET 2011 - jsuchome@xxxxxxx
+
+- when sssd is configured, update sssd.conf's kerberos values
+- agent for krb5.conf moved to yast2-pam to be usable by ldap-client
+- 2.20.2
+
+-------------------------------------------------------------------
+Thu Jan 20 16:12:22 CET 2011 - jsuchome@xxxxxxx
+
+- do not use pam_krb5 when sssd is configured
+- 2.20.1 
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


Old:
----
  yast2-kerberos-client-2.20.0.tar.bz2

New:
----
  yast2-kerberos-client-2.20.2.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-kerberos-client.spec ++++++
--- /var/tmp/diff_new_pack.Bb3Yop/_old  2011-01-24 15:48:13.000000000 +0100
+++ /var/tmp/diff_new_pack.Bb3Yop/_new  2011-01-24 15:48:13.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package yast2-kerberos-client (Version 2.20.0)
+# spec file for package yast2-kerberos-client
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,11 +19,11 @@
 
 
 Name:           yast2-kerberos-client
-Version:        2.20.0
+Version:        2.20.2
 Release:        1
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source0:        yast2-kerberos-client-2.20.0.tar.bz2
+Source0:        yast2-kerberos-client-2.20.2.tar.bz2
 
 Prefix:         /usr
 
@@ -31,8 +31,8 @@
 License:        GPLv2+
 BuildRequires:  doxygen perl-XML-Writer update-desktop-files yast2 
yast2-devtools yast2-pam yast2-testsuite
 
-# new Pam.ycp API
-Requires:       yast2-pam >= 2.14.0
+# etc_krb5_conf.scr 
+Requires:       yast2-pam >= 2.20.0
 
 # Hostname::CurrentDomain, CurrentHostname
 Requires:       yast2 >= 2.16.48
@@ -46,7 +46,7 @@
 Kerberos server will be used for user authentication.
 
 %prep
-%setup -n yast2-kerberos-client-2.20.0
+%setup -n yast2-kerberos-client-2.20.2
 
 %build
 %{prefix}/bin/y2tool y2autoconf

++++++ yast2-kerberos-client-2.20.0.tar.bz2 -> 
yast2-kerberos-client-2.20.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-kerberos-client-2.20.0/VERSION 
new/yast2-kerberos-client-2.20.2/VERSION
--- old/yast2-kerberos-client-2.20.0/VERSION    2010-08-06 11:05:37.000000000 
+0200
+++ new/yast2-kerberos-client-2.20.2/VERSION    2011-01-21 12:35:44.000000000 
+0100
@@ -1 +1 @@
-2.20.0
+2.20.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-kerberos-client-2.20.0/agents/etc_krb5_conf.scr 
new/yast2-kerberos-client-2.20.2/agents/etc_krb5_conf.scr
--- old/yast2-kerberos-client-2.20.0/agents/etc_krb5_conf.scr   2008-12-18 
14:47:06.000000000 +0100
+++ new/yast2-kerberos-client-2.20.2/agents/etc_krb5_conf.scr   1970-01-01 
01:00:00.000000000 +0100
@@ -1,37 +0,0 @@
-/**
- * File:
- *   etc_krb5_conf.scr
- * Summary:
- *   SCR Agent for reading/writing /etc/krb5.conf using the ini-agent
- *
- * $Id: etc_krb5_conf.scr 36303 2007-02-20 12:29:00Z jsuchome $
- *
- * Read/Sets the values defined in <tt>/etc/krb5.conf</tt>.
- * Warning! The file has 2 type of sections!
- */
-.etc.krb5_conf
-
-`ag_ini(
-  `IniAgent(
-   "/etc/krb5.conf",
-    $[
-      "options" : [ "global_values", "repeat_names" ],
-      "comments": [ "^[ \t]*#.*", "#.*", "^[ \t]*$" ],
-      "sections" : [
-        $[
-        "begin" : [ "^[ \t]*\\[[ \t]*(.*[^ \t])[ \t]*\\][ \t]*", "[%s]" ],
-        ],
-        $[
-        "begin" : [ "^[ \t]*(.*[^ \t])[ \t]*=[ \t]*\\{[ \t]*", "%s = {" ],
-        "end" : [ "^[ \t]*[ \t]*\\}[ \t]*", "}" ]
-        ]
-      ],
-      "subindent": "\t",
-      "params" : [
-        $[
-        "match" : [ "^[ \t]*([^=]*[^ \t=])[ \t]*=[ \t]*(.*[^ \t]|)[ \t]*$" , 
"%s = %s"],
-      ],
-    ],
-    ]
-  )
-)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-kerberos-client-2.20.0/src/Kerberos.ycp 
new/yast2-kerberos-client-2.20.2/src/Kerberos.ycp
--- old/yast2-kerberos-client-2.20.0/src/Kerberos.ycp   2010-07-26 
15:57:08.000000000 +0200
+++ new/yast2-kerberos-client-2.20.2/src/Kerberos.ycp   2011-01-21 
12:26:43.000000000 +0100
@@ -4,7 +4,7 @@
  * Summary:    Data for configuration of kerberos-client, i/o functions.
  * Authors:    Jiri Suchomel <jsuchome@xxxxxxx>
  *
- * $Id: Kerberos.ycp 57772 2009-06-26 13:23:16Z jsuchome $
+ * $Id: Kerberos.ycp 63239 2011-01-20 15:13:34Z jsuchome $
  *
  * Representation of the configuration of kerberos-client.
  * Input and output routines.
@@ -482,7 +482,26 @@
     // -- pam settings
     if (pam_modified || write_only)
     {
-        if (use_pam_krb)
+       // whem sssd is configured, do not use pam_krb5 and update sssd.conf
+       // fate#308902
+       if (Pam::Enabled ("sss"))
+       {
+           y2milestone ("not using pam_krb5 because sssd is configured");
+           Pam::Remove ("krb5");
+
+           y2milestone ("updating sssd.conf with new kerberos values");
+
+           path domain     = add (.etc.sssd_conf.v, "domain/default");
+           SCR::Write (add (domain, "auth_provider"), "krb5");
+           SCR::Write (add (domain, "chpass_provider"), "krb5");
+           SCR::Write (add (domain, "krb5_realm"), default_realm);
+           SCR::Write (add (domain, "krb5_kdcip"), kdc);
+           if (!SCR::Write(.etc.sssd_conf, nil))
+           {
+               y2error ("error writing ldap.conf file");
+           }
+       }
+        else if (use_pam_krb)
         {
            Pam::Add ("krb5");
            // If ldap is configured we need to change it to ldap-account_only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-kerberos-client-2.20.0/testsuite/tests/Write.out 
new/yast2-kerberos-client-2.20.2/testsuite/tests/Write.out
--- old/yast2-kerberos-client-2.20.0/testsuite/tests/Write.out  2010-08-06 
11:05:05.000000000 +0200
+++ new/yast2-kerberos-client-2.20.2/testsuite/tests/Write.out  2011-01-20 
16:13:08.000000000 +0100
@@ -1,6 +1,7 @@
 Dump   ==== writing without any changes =================================
 Return true
 Dump   ==== pam enabled with krb5-ignore_unknown_principals=
+Execute        .target.bash_output "/usr/sbin/pam-config -q --sss" 
$["stdout":""]
 Execute        .target.bash_output "/usr/sbin/pam-config -a --krb5" 
$["stdout":""]
 Execute        .target.bash_output "/usr/sbin/pam-config -q --ldap" 
$["stdout":""]
 Execute        .target.bash_output "/usr/sbin/pam-config -a 
--krb5-ignore_unknown_principals" $["stdout":""]
@@ -11,6 +12,7 @@
 Write  .etc.ssh.ssh_config nil true
 Return true
 Dump   ==== kerberos disabled, ssh support disabled, krb5.conf untouched=
+Execute        .target.bash_output "/usr/sbin/pam-config -q --sss" 
$["stdout":""]
 Execute        .target.bash_output "/usr/sbin/pam-config -q 
--ldap-account_only" $["stdout":""]
 Execute        .target.bash_output "/usr/sbin/pam-config -d --krb5" 
$["stdout":""]
 Write  .etc.ssh.ssh_config.v."*"."GSSAPIAuthentication" "no" true


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx