Author: jsuchome
Date: Fri Dec 14 11:04:45 2007
New Revision: 43075
URL: http://svn.opensuse.org/viewcvs/yast?rev=43075&view=rev
Log:
- removed obsolete retain_after_close option
- implemented support for more pam_krb5 options (F302014)
- 2.16.1
Modified:
trunk/kerberos-client/VERSION
trunk/kerberos-client/package/yast2-kerberos-client.changes
trunk/kerberos-client/src/Kerberos.ycp
trunk/kerberos-client/src/dialogs.ycp
trunk/kerberos-client/src/kerberos.ycp
trunk/kerberos-client/testsuite/tests/Read.out
trunk/kerberos-client/testsuite/tests/Read.ycp
trunk/kerberos-client/testsuite/tests/Write.out
trunk/kerberos-client/testsuite/tests/WriteKrb5ConfValue.out
Modified: trunk/kerberos-client/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/VERSION?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/VERSION (original)
+++ trunk/kerberos-client/VERSION Fri Dec 14 11:04:45 2007
@@ -1 +1 @@
-2.16.0
+2.16.1
Modified: trunk/kerberos-client/package/yast2-kerberos-client.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/package/yast2-kerberos-client.changes?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/package/yast2-kerberos-client.changes (original)
+++ trunk/kerberos-client/package/yast2-kerberos-client.changes Fri Dec 14 11:04:45 2007
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Tue Dec 11 15:50:54 CET 2007 - jsuchome@suse.cz
+
+- removed obsolete retain_after_close option
+- implemented support for more pam_krb5 options (F302014)
+- 2.16.1
+
+-------------------------------------------------------------------
Fri Oct 19 11:28:26 CEST 2007 - jsuchome@suse.cz
- Use Kerberos checked by default during installation (#330054)
Modified: trunk/kerberos-client/src/Kerberos.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/src/Kerberos.ycp?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/src/Kerberos.ycp (original)
+++ trunk/kerberos-client/src/Kerberos.ycp Fri Dec 14 11:04:45 2007
@@ -22,8 +22,8 @@
import "Mode";
import "Package";
import "Pam";
-import "Popup";
import "Progress";
+import "Report";
import "Service";
import "Summary";
@@ -62,9 +62,12 @@
global string renew_lifetime = "1d";
global string forwardable = "true";
global string proxiable = "false";
+// obsolete, do not use
global string retain_after_close = "false";
global boolean ssh_support = false;
global string minimum_uid = "1";
+
+// deprecated at this scope: now present in ExpertSettings map
global string use_shmem = "sshd";
global string mappings = "";
@@ -93,6 +96,13 @@
],
];
+/**
+ map with the settings configurable in the expert tabs
+ */
+global map ExpertSettings = $[];
+
+// backup of original ExpertSettings
+map OrigExpertSettings = $[];
/**
* Data was modified?
@@ -124,11 +134,12 @@
minimum_uid = client["minimum_uid"]:minimum_uid;
forwardable = (client["forwardable"]:true) ? "true": "false";
proxiable = (client["proxiable"]:false) ? "true" : "false";
- retain_after_close = (client["retain_after_close"]:false)? "true": "false";
use_shmem = client["use_shmem"]:use_shmem;
mappings = client["mappings"]:"";
trusted_servers = client["trusted_servers"]:"";
-
+ ExpertSettings = client["ExpertSettings"]:$[];
+ if (!haskey (ExpertSettings, "use_shmem") && haskey (client, "use_shmem"))
+ ExpertSettings["use_shmem"] = use_shmem;
pam_modified = true;
modified = true;
return true;
@@ -157,11 +168,9 @@
"minimum_uid" : minimum_uid,
"forwardable" : forwardable == "true",
"proxiable" : proxiable == "true",
- "retain_after_close" : retain_after_close == "true",
+ "ExpertSettings" : ExpertSettings,
]
];
- if (use_shmem != "sshd")
- export_map["kerberos_client","use_shmem"] = use_shmem;
if (mappings != "")
export_map["kerberos_client","mappings"] = mappings;
if (trusted_servers != "")
@@ -217,7 +226,7 @@
global boolean WriteKrb5ConfValues (path path_to_value, list<string> values) {
if (values == nil || values == [])
- return false;
+ return SCR::Write (path_to_value, nil); // FIXME test
return SCR::Write (path_to_value, values);
}
@@ -240,7 +249,7 @@
global boolean WriteKrb5ConfValue (path path_to_value, string value) {
if (value == nil || value == "")
- return false;
+ return SCR::Write (path_to_value, nil); // FIXME test
return WriteKrb5ConfValues (path_to_value, [value]);
}
@@ -287,14 +296,30 @@
if (admin_server == kdc)
admin_server = ""; // we could replace it in Write in this case...
- ticket_lifetime = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.ticket_lifetime, "1d");
- renew_lifetime = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.renew_lifetime, "1d");
- forwardable = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.forwardable, "true");
- proxiable = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.proxiable, "false");
- retain_after_close = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.retain_after_close,
- "false");
- minimum_uid = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.minimum_uid, "1");
- use_shmem = ReadKrb5ConfValue (.etc.krb5_conf.v.pam.use_shmem, "sshd");
+ path pam_p = .etc.krb5_conf.v.pam;
+ ticket_lifetime = ReadKrb5ConfValue (add(pam_p,"ticket_lifetime"),"1d");
+ renew_lifetime = ReadKrb5ConfValue (add (pam_p,"renew_lifetime"),"1d");
+ forwardable = ReadKrb5ConfValue (add (pam_p,"forwardable"), "true");
+ proxiable = ReadKrb5ConfValue (add (pam_p,"proxiable"), "false");
+ minimum_uid = ReadKrb5ConfValue (add (pam_p, "minimum_uid"), "1");
+
+ foreach (string key, [ "keytab", "ccache_dir", "ccname_template",
+ "mappings", "existing_ticket", "external", "validate", "use_shmem",
+ "addressless", "debug", "debug_sensitive",
+ "initial_prompt", "subsequent_prompt", ],
+ {
+ string val = ReadKrb5ConfValue (add (pam_p, key), nil);
+ if (val != nil)
+ ExpertSettings[key] = val;
+ });
+ if (!haskey (ExpertSettings, "use_shmem"))
+ ExpertSettings["use_shmem"] = "sshd";
+ use_shmem = ExpertSettings["use_shmem"]:"sshd";
+ if (!haskey (ExpertSettings, "external"))
+ ExpertSettings["external"] = "sshd";
+
+ OrigExpertSettings = ExpertSettings;
+
trusted_servers = ReadKrb5ConfValue (.etc.krb5_conf.v.pkinit.trusted_servers, "");
}
else
@@ -463,8 +488,9 @@
{
// update the default realm settings
WriteKrb5ConfValuesAsString (add (add (.etc.krb5_conf.v, default_realm),"kdc"),kdc);
- WriteKrb5ConfValue (add (add (.etc.krb5_conf.v, default_realm),
- "default_domain"), default_domain);
+ if (default_domain != "" && default_domain != nil)
+ WriteKrb5ConfValue (add (add (.etc.krb5_conf.v, default_realm),
+ "default_domain"), default_domain);
if (admin_server == "")
// save only when the entry was mising or same as KDC
WriteKrb5ConfValuesAsString (add (add (.etc.krb5_conf.v, default_realm),
@@ -477,8 +503,9 @@
// write the settings of the new default realm
WriteKrb5ConfValuesAsString (
add (add(.etc.krb5_conf.v.realms,default_realm),"kdc"), kdc);
- WriteKrb5ConfValue (add (add (.etc.krb5_conf.v.realms, default_realm),
- "default_domain"), default_domain);
+ if (default_domain != "" && default_domain != nil)
+ WriteKrb5ConfValue (add (add (.etc.krb5_conf.v.realms, default_realm),
+ "default_domain"), default_domain);
if (admin_server == "")
WriteKrb5ConfValuesAsString (add (add (.etc.krb5_conf.v.realms, default_realm),
"admin_server"), kdc);
@@ -497,9 +524,22 @@
WriteKrb5ConfValue (add (pam_sect, "renew_lifetime"), renew_lifetime);
WriteKrb5ConfValue (add (pam_sect, "forwardable"), forwardable);
WriteKrb5ConfValue (add (pam_sect, "proxiable"), proxiable);
- WriteKrb5ConfValue (add (pam_sect, "retain_after_close"), retain_after_close);
WriteKrb5ConfValue (add (pam_sect, "minimum_uid"), minimum_uid);
- WriteKrb5ConfValue (add (pam_sect, "use_shmem"), use_shmem);
+
+ foreach (string key, any value, ExpertSettings, {
+ path pth = add (pam_sect, key);
+ if (is (value, boolean))
+ {
+ WriteKrb5ConfValue (pth, value == true ? "true" : "false");
+ return;
+ }
+ // rest is string
+ if (value != "")
+ WriteKrb5ConfValue (pth, (string) value);
+ // removin
+ else if (OrigExpertSettings[key]:"" != "")
+ WriteKrb5ConfValue (pth, nil); // FIXME doesn't work!
+ });
if (trusted_servers != "" &&
Package::Installed ("krb5-plugin-preauth-pkinit-nss"))
@@ -635,6 +675,26 @@
]);
}
+/**
+ * Validation function for time-related values
+ */
+global boolean ValidateTimeEntries (string key, string val) {
+ if (!regexpmatch (val, "^([0-9]+)[dmh]$") &&
+ !regexpmatch (val, "^([0-9]+)$"))
+ {
+ if (key == "clockskew")
+ // error popup (wrong format of entered value)
+ Report::Error (_("Clock skew is invalid.
+Try again.
+"));
+ else
+ // error popup (wrong format of entered value)
+ Report::Error (_("Lifetime is invalid.
+Try again."));
+ return false;
+ }
+ return true;
+}
/* EOF */
Modified: trunk/kerberos-client/src/dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/src/dialogs.ycp?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/src/dialogs.ycp (original)
+++ trunk/kerberos-client/src/dialogs.ycp Fri Dec 14 11:04:45 2007
@@ -12,6 +12,8 @@
textdomain "kerberos";
import "Address";
+import "CWM";
+import "CWMTab";
import "IP";
import "Kerberos";
import "Label";
@@ -20,8 +22,140 @@
import "Popup";
import "Report";
import "Stage";
+import "String";
import "Wizard";
+// map of current expert settings
+map ExpertSettings = $[];
+
+boolean text_mode = false;
+
+/******************************************************************************
+ * widget handlers
+ ******************************************************************************/
+
+ /**
+ * universal widget: initialize the string value of widget @param
+ */
+ define void InitDescription (string id) {
+ string val = ExpertSettings[id]:"";
+ if (id == "minimum_uid")
+ UI::ChangeWidget (`id (id), `Value, tointeger (val));
+ else
+ UI::ChangeWidget (`id (id), `Value, val);
+ }
+
+ /**
+ * store the string value of given widget
+ */
+ define void StoreDescription (string key, map event) {
+ if (key == "minimum_uid")
+ ExpertSettings[key] = tostring (UI::QueryWidget (`id(key), `Value));
+ else
+ ExpertSettings[key] = UI::QueryWidget (`id(key), `Value);
+ }
+
+ /**
+ * handler for general string-value widgets: store their value on exit/save
+ */
+ define symbol HandleDescription (string key, map event) {
+ // store the value on exiting
+ if (event["ID"]:nil == `next) StoreDescription (key, event);
+ return nil;
+ }
+
+ /**
+ * universal widget: initialize the string value of widget @param
+ */
+ define void InitCheckBox (string id) {
+ UI::ChangeWidget (`id (id), `Value, ExpertSettings[id]:false);
+ }
+
+ /**
+ * handler for Configure User Data menubutton + NTP client button
+ */
+ symbol HandleClientCallButton (string key, map event) {
+ any ID = event["ID"]:nil;
+ if ((key != "nss_client" || event["EventType"]:"" != "MenuEvent") &&
+ (key != "ntp" || ID != key))
+ return nil;
+ if (ID == "ldap" || ID == "nis" || ID == "ntp")
+ {
+ if (Package::Install (sformat ("yast2-%1-client", ID)))
+ WFM::CallFunction ((string)ID + "-client", []);
+ }
+ return nil;
+ }
+
+ /**
+ * Validation function for widgets with time values
+ */
+ define boolean ValidateTimeEntries (string key, map event) {
+ string val = (string) UI::QueryWidget (`id(key), `Value);
+ if (val == "" || Kerberos::ValidateTimeEntries (key, val))
+ return true;
+ UI::SetFocus (`id(key));
+ return false;
+ }
+
+ /**
+ * universal handler for directory browsing
+ */
+ symbol HandleBrowseDirectory (string key, map event) {
+
+ if (event["ID"]:nil != key) return nil;
+ string val = substring (key, 7);
+ string current = (string) UI::QueryWidget (`id (val), `Value);
+ if (current == nil) current = "";
+ // directory location popup label
+ string dir = UI::AskForExistingDirectory (current, _("Path to Directory"));
+ if (dir!= nil)
+ {
+ UI::ChangeWidget (`id (val), `Value, dir);
+ StoreDescription (val, $[]);
+ }
+ return nil;
+ }
+
+ /**
+ * universal handler for looking up files
+ */
+ symbol HandleBrowseFile (string key, map event) {
+
+ if (event["ID"]:nil != key) return nil;
+ string val = substring (key, 7);
+ string current = (string) UI::QueryWidget (`id (val), `Value);
+ if (current == nil) current = "";
+ // file location popup label
+ string dir = UI::AskForExistingFile (current, "", _("Path to File"));
+ if (dir!= nil)
+ {
+ UI::ChangeWidget (`id (val), `Value, dir);
+ StoreDescription (val, $[]);
+ }
+ return nil;
+ }
+
+ /**
+ * initialize the value of combo box
+ */
+ define void InitCombo (string id) {
+ string value = ExpertSettings[id]:"";
+ list items = [
+ // combo box item
+ `item (`id ("true"), _("All services"), "true" == value),
+ // combo box item
+ `item (`id ("false"), _("No services"), "false" == value || value == "")
+ ];
+ if (! contains (["true", "false", ""], value))
+ items = add (items, `item (`id (value), value, true));
+ UI::ChangeWidget (`id (id), `Items, items);
+ }
+
+/******************************************************************************
+ * end of widget handlers
+ ******************************************************************************/
+
/**
* The dialog that appears when the [Abort] button is pressed.
* @return `abort if user really wants to abort, `back otherwise
@@ -250,221 +384,479 @@
return result;
}
+map widget_description = $[
+ // ---------------- widgtes for ("main") tab
+ "ticket_lifetime" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("&Default Lifetime"),
+ // help text (do not transl. values "m","h", "d")
+ "help" : _("<p>Values of <b>Default Lifetime</b>, <b>Default Renewable Lifetime</b>, and <b>Clock Skew</b> are in seconds by default. Alternatively, specify the time unit (<tt>m</tt> for minutes, <tt>h</tt> for hours, or <tt>d</tt> for days) and use it as a value suffix, as in <tt>1d</tt> or <tt>24h</tt> for one day.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "validate_type" : `function,
+ "validate_function" : ValidateTimeEntries,
+ "valid_chars" : String::CDigit () + "dmh",
+ ],
+ "renew_lifetime" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("De&fault Renewable Lifetime"),
+ "no_help" : true,
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "validate_type" : `function,
+ "validate_function" : ValidateTimeEntries,
+ "valid_chars" : String::CDigit () + "dmh",
+ ],
+ "forwardable" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // checkbox label
+ "label" : _("For&wardable"),
+ // help text
+ "help" : _("<p><b>Forwardable</b> lets you transfer your complete identity (TGT) to another machine. <b>Proxiable</b> only lets you transfer particular tickets. Select if the options should be aplied to all PAM services, none of them or enter a list of services separated by spaces.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "proxiable" : $[
+// "widget" : `checkbox,
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // checkbox label
+ "label" : _("&Proxiable"),
+ "no_help" : true,
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "retain_after_close" : $[
+ "widget" : `checkbox,
+ // checkbox label
+ "label" : _("R&etained"),
+ // help text
+ "help" : _("<p>If <b>Retained</b> is enabled, a PAM module keeps the tickets after closing the session.</p>"),
+ "init" : InitCheckBox,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "ssh_support" : $[
+ "widget" : `checkbox,
+ // checkbox label
+ "label" : _("Kerberos Support for Open&SSH Client"),
+ // help text
+ "help" : _("<p>To enable Kerberos support for your OpenSSH client, select <b>Kerberos Support for OpenSSH Client</b>. In such a case, Kerberos tickets are used for user authentication on the SSH server.</p>"),
+ "init" : InitCheckBox,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "ignore_unknown" : $[
+ "widget" : `checkbox,
+ // checkbox label
+ "label" : _("&Ignore Unknown Users"),
+ // help text
+ "help" : _("<p>Check <b>Ignore Unknown Users</b> to have Kerberos ignore authentication attempts by users it does not know.</p>"),
+ "init" : InitCheckBox,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "minimum_uid" : $[
+ "widget" : `intfield,
+ "opt" : [ `hstretch ],
+ // intfield label
+ "label" : _("Minimum &UID"),
+ // help text
+ "help" : _("<p>When the <b>Minimum UID</b> is greater than 0, authentication attempts by users with UIDs below the specified number are ignored. This is useful for disabling Kerberos authentication for the system administrator root.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "clockskew" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("C&lock Skew"),
+ // help text
+ "help" : _("<p>The <b>Clock Skew</b> is the tolerance for time stamps not exactly matching the host's system clock. The value is in seconds.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "validate_type" : `function,
+ "validate_function" : ValidateTimeEntries,
+ "valid_chars" : String::CDigit () + "dmh",
+ ],
+ "ntp" : $[
+ "widget" : `push_button,
+ // push button label
+ "label" : _("&NTP Configuration..."),
+ "help" : _("<p>
+To synchronize your time with an NTP server, configure your computer
+as an NTP client. Access the configuration with <b>NTP Configuration</b>.
+</p>
+"),
+ "handle" : HandleClientCallButton
+ ],
+ "nss_client" : $[
+ "widget" : `menu_button,
+ // push button label
+ "label" : _("C&onfigure User Data"),
+ // help text
+ "help" : _("<p>To configure the source of user accounts, select the appropriate configuration module in <b>Configure User Data</b>.</p>"),
+ "items" : [
+ // menu item
+ [ "ldap", _("LDAP Client") ],
+ // menu item
+ [ "nis", _("NIS Client") ],
+ ],
+ "handle" : HandleClientCallButton
+ ],
+
+ // ---------------- widgtes for Expert Pam Settings ("pam_expert") tab
+ "ccache_dir" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("Credential Cac&he Directory"),
+ // help text for "Credential Cac&he Directory"
+ "help" : _("<p>Specify the directory where to place credential cache files as <b>Credential Cache Directory</b>.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "browse_ccache_dir" : $[
+ "widget" : `push_button,
+ // push button label
+ "label" : _("&Browse..."),
+ "no_help" : true,
+ "handle" : HandleBrowseDirectory,
+ ],
+ "ccname_template" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("Credential Cache &Template"),
+ // help text
+ "help" : _("<p><b>Credential Cache Template</b> specifies the location in which to place the user's session-specific credential cache.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "no_help" : true,
+ ],
+ "keytab" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("&Keytab File Location"),
+ // help text
+ "help" : _("<p>Specify the location of the file with the keys of pricipals in <b>Keytab File Location</b>.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "browse_keytab" : $[
+ "widget" : `push_button,
+ // push button label
+ "label" : _("Bro&wse..."),
+ "no_help" : true,
+ "handle" : HandleBrowseFile,
+ ],
+ "mappings" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("&Mappings"),
+ // help text
+ "help" : _("<p>With <b>Mappings</b>, define specifies how PAM module should derive the principal's name from the system user name.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "banner" : $[
+ "widget" : `textentry,
+ // textentry label
+ "label" : _("Ba&nner"),
+ // help text
+ "help" : _("<p>The value of <b>Banner</b> is a text that should be shown before a password questions.</p>"),
+ "init" : InitDescription,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ // ---------------- widgets for Services tab
+ "services_help" :$[
+ "widget" : `empty,
+ // generic help for Services tab
+ "help" : _("All settings in this dialog can be aplied for all PAM services, no service or a specific list of services separated by commas."),
+ ],
+ "addressless" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // textentry label
+ "label" : _("Add&ressless Initial Tickets"),
+ // help text
+ "help" : _("<p>When <b>Addressless Initial Tickets</b> is set, initial tickets (TGT) with no address information are requested.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "debug" : $[
+ "widget" : `combobox,
+ "opt" : [ `notify, `editable ],
+ // textentry label
+ "label" : _("&Debug"),
+ // help text
+ "help" : _("<p>Check <b>Debug</b> to turn on debugging for selected services via syslog.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "debug_sensitive" : $[
+ "widget" : `combobox,
+ "opt" : [ `notify, `editable ],
+ // textentry label
+ "label" : _("&Sensitive Debug"),
+ // help text
+ "help" : _("<p><b>Sensitive Debug</b> turns on debugging of sensitive information.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "existing_ticket" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // textentry label
+ "label" : _("Accept &Existing Ticket"),
+ // help text
+ "help" : _("<p>Check <b>Accept Existing Ticket</b> to tell PAM module to accept the presence of pre-existing Kerberos credentials as sufficient to authenticate the user.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "items" : [],
+ ],
+ "external" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // textentry label
+ "label" : _("E&xternal credentials"),
+ // help text
+ "help" : _("<p>List the services allowed to provide credentials in <b>External credentials</b>.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "items" : [],
+ ],
+ "use_shmem" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // textentry label
+ "label" : _("Use Shared Mem&ory"),
+ // help text
+ "help" : _("<p><b>Use Shared Memory</b> describes the services for which the shared memory is used during authentication.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "items" : [],
+ ],
+ "validate" : $[
+ "widget" : `combobox,
+ "opt" : [ `hstretch, `notify, `editable ],
+ // textentry label
+ "label" : _("&Validate Initial Ticket"),
+ // help text
+ "help" : _("<p>Select the services for which should TGT be validated by changing the value of <b>Validate Initial Ticket</b>."),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ "items" : [],
+ ],
+ "initial_prompt" : $[
+ "widget" : `combobox,
+ "opt" : [ `notify, `editable ],
+ // textentry label
+ "label" : _("&Initial Prompt"),
+ // help text
+ "help" : _("<p>With <b>Initial Prompt</b> checked, PAM module asks for a password before authentication attempt.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+ "subsequent_prompt" : $[
+ "widget" : `combobox,
+ "opt" : [ `notify, `editable ],
+ // textentry label
+ "label" : _("Subsequent &Prompt"),
+ // help text
+ "help" : _("<p>If <b>Subsequent Prompt</b> is enabled, PAM module may ask user for a password if the previously-entered password was somehow insufficient for authentication.</p>"),
+ "init" : InitCombo,
+ "store" : StoreDescription,
+ "handle" : HandleDescription,
+ ],
+];
+
+// description of tab layouts
+map get_tabs_descr () {
+ return $[
+ "main" : $[
+ // tab header
+ "header" : _("PAM Settings"),
+ "contents" : `Top (`HBox (`HSpacing (3), `VBox (
+ `VSpacing (0.4),
+ // frame label
+ `Frame (_("Ticket Attributes"), `HBox (`HSpacing (0.5), `VBox(
+ `VSpacing (0.4),
+ "ticket_lifetime",
+ "renew_lifetime",
+ `HBox ("forwardable", `HSpacing (0.5), "proxiable"),
+ `VSpacing (0.4)), `HSpacing (0.5)
+ )),
+ `VSpacing (0.4),
+ `Left ("ssh_support"),
+ `VSpacing (0.2),
+ `Left ("ignore_unknown"),
+ `VSpacing (0.4),
+ "minimum_uid",
+ `HBox (
+ "clockskew",
+ `VBox (`Label (""), "ntp")
+ ),
+ `VSpacing (0.6),
+ `Left ("nss_client")
+ ), `HSpacing(3))),
+ "widget_names" : [
+ "ticket_lifetime", "renew_lifetime",
+ "forwardable", "proxiable",
+ "ssh_support", "ignore_unknown", "minimum_uid", "clockskew", "ntp",
+ "nss_client",
+ ],
+ ],
+ "pam_expert" : $[
+ // tab header
+ "header" : _("Expert PAM Settings"),
+ "contents" : `HBox (`HSpacing(2), `VBox (
+ `VSpacing (0.4),
+ `HBox ("keytab", `VBox (`Label (""), "browse_keytab")),
+ `HBox ("ccache_dir", `VBox (`Label (""), "browse_ccache_dir")),
+ "ccname_template",
+ "mappings",
+ "banner",
+ `VStretch ()
+ ), `HSpacing (2)),
+ "widget_names" : [
+ "keytab", "browse_keytab", "ccache_dir", "browse_ccache_dir",
+ "ccname_template", "mappings", "banner",
+ ],
+ ],
+ "services" : $[
+ // tab header
+ "header" : _("PAM Services"),
+ "contents" : `HBox (`HSpacing(2), `VBox (
+ "services_help",
+ `VSpacing (0.4),
+ "addressless",
+ `VSpacing (0.4),
+ "existing_ticket",
+ `VSpacing (0.4),
+ "external",
+ `VSpacing (0.4),
+ "use_shmem",
+ `VSpacing (0.4),
+ "validate",
+ `VSpacing (0.4),
+ `HBox (
+ `HWeight (1, "debug"),
+ `HSpacing (0.5),
+ `HWeight (1, "debug_sensitive")
+ ),
+ `VSpacing (0.4),
+ `HBox (
+ `HWeight (1, "initial_prompt"),
+ `HSpacing (0.5),
+ `HWeight (1, "subsequent_prompt")
+ ),
+ `VSpacing (0.4),
+ `VStretch ()
+ ), `HSpacing (2)),
+ "widget_names" : [
+ "services_help", "addressless",
+ "existing_ticket", "external", "use_shmem", "validate",
+ "debug", "debug_sensitive",
+ "initial_prompt", "subsequent_prompt",
+ ],
+ ],
+ "realms" : $[
+ // tab header
+ "header" : _("Realm Settings"),
+ "contents" : `HBox (`HSpacing(2), `VBox (
+ `VSpacing (0.4),
+ `Empty (`opt (`hstretch, `vstretch))
+ ), `HSpacing (2)),
+ "widget_names" : [
+ ],
+ ],
+ ];
+}
+
/**
* Kerberos advanced configuration
* @return dialog result
*/
define symbol AdvancedDialog() {
- string help_text =
-
- // help text (do not transl. values "m","h", "d")
- _("<p>Values of <b>Default Lifetime</b>, <b>Default Renewable Lifetime</b>, and
-<b>Clock Skew</b> are in seconds by default. Alternatively, specify the time
-unit (<tt>m</tt> for minutes, <tt>h</tt> for hours, or <tt>d</tt> for days) and use it as a value suffix, as in <tt>1d</tt> or <tt>24h</tt> for one day).</p>
-") +
+ map display_info = UI::GetDisplayInfo ();
+ text_mode = display_info["TextMode"]:false;
- // help text
- _("<p><b>Forwardable</b> lets you transfer your complete identity
-(TGT) to another machine. <b>Proxiable</b> only lets you transfer
-particular tickets.</p>
-") +
-
- // help text
- _("<p>If <b>Retained</b> is enabled, a PAM module keeps the tickets
-after closing the session.</p>
-") +
-
- // help text
- _("<p>To enable Kerberos support for your OpenSSH client, select <b>Kerberos Support for OpenSSH Client</b>. In such a case, Kerberos tickets are used for user
-authentication on the SSH server.</p>
-") +
-
- // help text
- _("<p>Check <b>Ignore Unknown Users</b> to have Kerberos ignore authentication attempts by users it does not know.</p>") +
-
- // help text
- _("<p>When the <b>Minimum UID</b> is greater than 0, authentication attempts by
-users with UIDs below the specified number are ignored. This is useful for
-disabling Kerberos authentication for the system administrator root.</p>
-")+
-
- // help text
- _("<p>
-The <b>Clock Skew</b> is the tolerance for time stamps not exactly matching the host's system clock. The value is in seconds.</p>") +
-
- //helptext
- _("<p>
-To synchronize your time with an NTP server, configure your computer
-as an NTP client. Access the configuration with <b>NTP Configuration</b>.
-</p>
-") +
-
- // help text about launching selected yast module
- _("<p>To configure the source of user accounts, select the appropriate configuration module in <b>Configure User Data</b>.</p>");
-
- string uid = Kerberos::minimum_uid;
- string ticket = Kerberos::ticket_lifetime;
- string renew = Kerberos::renew_lifetime;
- boolean forw = Kerberos::forwardable == "true";
- boolean prox = Kerberos::proxiable == "true";
- boolean retain = Kerberos::retain_after_close == "true";
- boolean ssh = Kerberos::ssh_support;
- boolean ignore_unknown = Kerberos::ignore_unknown;
- string clockskew = Kerberos::clockskew;
-
- term con = `HBox (`HSpacing (3), `VBox (
- `VSpacing (0.8),
- // frame label
- `Frame (_("Ticket Attributes"), `HBox(`HSpacing (0.5), `VBox(
- `VSpacing (0.5),
- // textentry label
- `TextEntry (`id (`ticket), _("&Default Lifetime"), ticket),
- // textentry label
- `TextEntry (`id (`renew), _("De&fault Renewable Lifetime"),
- renew),
- // checkbox label
- `Left(`CheckBox (`id (`forw), _("For&wardable"), forw)),
- // checkbox label
- `Left(`CheckBox (`id (`prox), _("&Proxiable"), prox)),
- // checkbox label
- `Left(`CheckBox (`id (`retain), _("R&etained"), retain)),
- `VSpacing (0.5)), `HSpacing (0.5)
- )),
- `VSpacing (0.8),
- `Left(`CheckBox (`id (`ssh),
- // checkbox label
- _("Kerberos Support for Open&SSH Client"), ssh)),
- `VSpacing (0.4),
- `Left (`CheckBox (`id (`ignore_unknown),
- // checkbox label
- _("&Ignore Unknown Users"), ignore_unknown)),
- `VSpacing (0.4),
- // UID=User ID
- `IntField (`id (`uid), _("Minimum &UID"), 0, 60000,
- tointeger (uid)),
- `HBox (
- // textentry label
- `TextEntry (`id (`skew), _("C&lock Skew"), clockskew),
-
- `VBox (
- `Label (""),
- // button label (run YaST client for NTP)
- `PushButton (`id(`ntp), _("&NTP Configuration..."))
- )
- ),
- `VSpacing (),
- `Left (
- // menu button label
- `MenuButton (`id (`nss_client), _("C&onfigure User Data"), [
- // menu item
- `item (`id (`ldap), _("LDAP Client")),
- // menu item
- `item (`id (`nis), _("NIS Client"))
- ])
- ),
- `VSpacing (1)
- ), `HSpacing(3));
-
- Wizard::SetContentsButtons (
- // dialog title
- _("Advanced Kerberos Client Configuration"), con, help_text,
- Label::CancelButton (), Label::AcceptButton ());
- Wizard::HideAbortButton ();
-
- if (Mode::config ())
- {
- UI::ChangeWidget(`id(`ntp), `Enabled, false);
- UI::ChangeWidget(`id(`nss_client), `Enabled, false);
- }
-
- symbol result = nil;
- do
- {
- result = (symbol) UI::UserInput ();
-
- if (result == `ntp || result == `ldap || result == `nis)
- {
- string cl = substring (tostring (result), 1);
- if (Package::Install (sformat ("yast2-%1-client", cl)));
- {
- WFM::CallFunction (cl + "-client", []);
- }
- }
-
- if (result == `next) {
- // check the values (lifetimes: d/m/h)
- ticket = (string) UI::QueryWidget (`id(`ticket), `Value);
- if (!regexpmatch (ticket, "^([0-9]+)[dmh]$") &&
- !regexpmatch (ticket, "^([0-9]+)$"))
- {
- // error popup (wrong format of entered value)
- Popup::Error (_("Lifetime is invalid.
-Try again."));
- UI::SetFocus (`id(`ticket));
- result = `not_next;
- continue;
- }
- renew = (string) UI::QueryWidget (`id(`renew), `Value);
- if (!regexpmatch (renew, "^([0-9]+)[dmh]$") &&
- !regexpmatch (renew, "^([0-9]+)$"))
- {
- // error popup (wrong format of entered value)
- Popup::Error (_("Lifetime is invalid.
-Try again."));
- UI::SetFocus (`id(`renew));
- result = `not_next;
- continue;
- }
- clockskew = (string) UI::QueryWidget (`id(`skew), `Value);
- if (!regexpmatch (clockskew, "^([0-9]+)[dmh]$") &&
- !regexpmatch (clockskew, "^([0-9]+)$"))
- {
- // error popup (wrong format of entered value)
- Popup::Error (_("Clock skew is invalid.
-Try again.
-"));
- UI::SetFocus (`id(`skew));
- result = `not_next;
- continue;
- }
-
- ssh = (boolean) UI::QueryWidget (`id(`ssh), `Value);
-
- }
- if ((result == `abort || result == `cancel) &&
- ReallyAbort () != `abort)
- {
- result = `not_next;
- }
-
- } while (!contains ([`back, `next, `cancel, `abort], result));
-
- if (result == `next)
+ ExpertSettings = (map) union (Kerberos::ExpertSettings, $[
+ "minimum_uid" : Kerberos::minimum_uid,
+ "ticket_lifetime" : Kerberos::ticket_lifetime,
+ "renew_lifetime" : Kerberos::renew_lifetime,
+ "forwardable" : Kerberos::forwardable,
+ "proxiable" : Kerberos::proxiable,
+ "ignore_unknown" : Kerberos::ignore_unknown,
+ "clockskew" : Kerberos::clockskew,
+ "ssh_support" : Kerberos::ssh_support,
+ ]);
+
+ widget_description["tab"] = CWMTab::CreateWidget($[
+ "tab_order" : [ "main", "pam_expert", "services" ],
+ "tabs" : get_tabs_descr (),
+ "widget_descr" : widget_description,
+ "initial_tab" : "main",
+ ]);
+
+ Wizard::SetContentsButtons("", `VBox (), "",
+ Label::CancelButton(), Label::AcceptButton());
+
+ symbol ret = CWM::ShowAndRun ($[
+ "widget_names" : [
+ "tab"
+ ],
+ "widget_descr" : widget_description,
+ "contents" : `VBox ("tab"),
+ // default dialog caption
+ "caption" : _("Advanced Kerberos Client Configuration"),
+ "back_button" : Label::CancelButton (),
+ "next_button" : Label::AcceptButton (),
+ "abort_button" : nil,
+ ]);
+ y2milestone ("Returning %1", ret);
+ if (ret == `next)
{
- Kerberos::minimum_uid = sformat("%1",UI::QueryWidget(`id(`uid),`Value));
- Kerberos::ticket_lifetime = ticket;
- Kerberos::renew_lifetime = renew;
- Kerberos::clockskew = clockskew;
- Kerberos::forwardable = (boolean)UI::QueryWidget (`id(`forw), `Value) ?
- "true" : "false";
- Kerberos::proxiable = (boolean) UI::QueryWidget (`id(`prox), `Value) ?
- "true" : "false";
- Kerberos::retain_after_close =
- (boolean) UI::QueryWidget (`id(`retain), `Value) ? "true" : "false";
- if (ssh != Kerberos::ssh_support)
+ Kerberos::ExpertSettings = ExpertSettings;
+ Kerberos::minimum_uid = ExpertSettings["minimum_uid"]:"1";
+ Kerberos::ticket_lifetime = ExpertSettings["ticket_lifetime"]:"1d";
+ Kerberos::renew_lifetime = ExpertSettings["renew_lifetime"]:"1d";
+ Kerberos::clockskew = ExpertSettings["clockskew"]:"300";
+ Kerberos::forwardable = ExpertSettings["forwardable"]:"false";
+ Kerberos::proxiable = ExpertSettings["proxiable"]:"false";
+ if (ExpertSettings["ssh_support"]:false != Kerberos::ssh_support)
{
- Kerberos::ssh_modified = true;
- Kerberos::ssh_support = ssh;
+ Kerberos::ssh_modified = true;
+ Kerberos::ssh_support = ExpertSettings["ssh_support"]:false;
}
- ignore_unknown = (boolean) UI::QueryWidget (`id(`ignore_unknown), `Value);
- if (ignore_unknown != Kerberos::ignore_unknown)
+ if (ExpertSettings["ignore_unknown"]:false != Kerberos::ignore_unknown)
{
Kerberos::pam_modified = true;
- Kerberos::ignore_unknown = ignore_unknown;
+ Kerberos::ignore_unknown =ExpertSettings["ignore_unknown"]:false;
}
}
- return result;
+ return ret;
}
Modified: trunk/kerberos-client/src/kerberos.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/src/kerberos.ycp?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/src/kerberos.ycp (original)
+++ trunk/kerberos-client/src/kerberos.ycp Fri Dec 14 11:04:45 2007
@@ -24,7 +24,6 @@
import "Kerberos";
import "Wizard";
import "Report";
-import "PackageSystem";
import "RichText";
import "CommandLine";
@@ -90,6 +89,8 @@
Report::Error (_("The value for clock skew must be a positive integer."));
return false;
}
+ if (!Kerberos::ValidateTimeEntries("clockskew",options["clockskew"]:""))
+ return false;
Kerberos::clockskew = options ["clockskew"]:"";
ret = true;
}
@@ -116,6 +117,50 @@
Kerberos::minimum_uid = options ["minimum_uid"]:"";
ret = true;
}
+ if (options["forwardable"]:"" != "" &&
+ options["forwardable"]:"" != Kerberos::forwardable)
+ {
+ Kerberos::forwardable = options["forwardable"]:"";
+ ret = true;
+ }
+ if (options["proxiable"]:"" != "" &&
+ options["proxiable"]:"" != Kerberos::proxiable)
+ {
+ Kerberos::proxiable = options["proxiable"]:"";
+ ret = true;
+ }
+ if (options["ticket_lifetime"]:"" != "" &&
+ options["ticket_lifetime"]:"" != Kerberos::ticket_lifetime)
+ {
+ string val = options["ticket_lifetime"]:"";
+ if (!Kerberos::ValidateTimeEntries ("ticket_lifetime", val))
+ return false;
+ Kerberos::ticket_lifetime = val;
+ ret = true;
+ }
+ if (options["renew_lifetime"]:"" != "" &&
+ options["renew_lifetime"]:"" != Kerberos::renew_lifetime)
+ {
+ string val = options["renew_lifetime"]:"";
+ if (!Kerberos::ValidateTimeEntries ("renew_lifetime", val))
+ return false;
+ Kerberos::renew_lifetime = options["renew_lifetime"]:"";
+ ret = true;
+ }
+ foreach (string expert_key, [
+ "keytab", "ccache_dir", "ccname_template",
+ "mappings", "existing_ticket", "external", "validate", "use_shmem",
+ "addressless", "debug", "debug_sensitive",
+ "initial_prompt", "subsequent_prompt" ],
+ {
+ string val = options[expert_key]:"";
+ if (val != "" && Kerberos::ExpertSettings[expert_key]:"" != val)
+ {
+ Kerberos::ExpertSettings[expert_key] = val;
+ ret = true;
+ }
+ });
+
if (ret)
Kerberos::modified = true;
return ret;
@@ -190,11 +235,102 @@
"help" : _("Clock skew (in seconds)"),
"type" : "string"
],
+ "ticket_lifetime": $[
+ // help text for command line option
+ "help" : _("Default ticket lifetime"),
+ "type" : "string",
+ ],
+ "renew_lifetime": $[
+ // help text for command line option
+ "help" : _("Default renewable lifetime"),
+ "type" : "string",
+ ],
+ "forwardable": $[
+ // help text for command line option
+ "help" : _("Forwardable credentials"),
+ "type" : "string",
+ ],
+ "proxiable": $[
+ // help text for command line option
+ "help" : _("Proxiable credentials"),
+ "type" : "string",
+ ],
+ "keytab" : $[
+ // help text for command line option
+ "help" : _("Keytab File Location"),
+ "type" : "string",
+ ],
+ "ccache_dir" : $[
+ // help text for command line option
+ "help" : _("Credential Cache Directory"),
+ "type" : "string",
+ ],
+ "ccname_template" : $[
+ // help text for command line option
+ "help" : _("Credential Cache Template"),
+ "type" : "string",
+ ],
+ "mappings" : $[
+ // help text for command line option
+ "help" : _("Mappings"),
+ "type" : "string",
+ ],
+ "existing_ticket" : $[
+ // help text for command line option
+ "help" : _("Accept Existing Ticket"),
+ "type" : "string",
+ ],
+ "external" : $[
+ // help text for command line option
+ "help" : _("External credentials"),
+ "type" : "string",
+ ],
+ "validate" : $[
+ // help text for command line option
+ "help" : _("Validate Initial Ticket"),
+ "type" : "string",
+ ],
+ "use_shmem" : $[
+ // help text for command line option
+ "help" : _("Use Shared Memory"),
+ "type" : "string",
+ ],
+ "addressless" : $[
+ // help text for command line option
+ "help" : _("Addressless Initial Tickets"),
+ "type" : "string",
+ ],
+ "debug" : $[
+ // help text for command line option
+ "help" : _("Debug"),
+ "type" : "string",
+ ],
+ "debug_sensitive" : $[
+ // help text for command line option
+ "help" : _("Sensitive debug"),
+ "type" : "string",
+ ],
+ "initial_prompt" : $[
+ // help text for command line option
+ "help" : _("Initial prompt"),
+ "type" : "string",
+ ],
+ "subsequent_prompt" : $[
+ // help text for command line option
+ "help" : _("Subsequent prompt"),
+ "type" : "string",
+ ],
],
"mappings" : $[
"pam" : [ "enable", "disable" ],
"summary" : [],
- "configure" : ["kdc", "domain", "realm", "minimum_uid","clockskew"],
+ "configure" : ["kdc", "domain", "realm", "minimum_uid","clockskew",
+ "ticket_lifetime", "renew_lifetime", "forwardable", "proxiable",
+ "keytab", "ccache_dir", "ccname_template",
+ "mappings", "existing_ticket", "external", "validate", "use_shmem",
+ "addressless", "debug", "debug_sensitive",
+ "initial_prompt", "subsequent_prompt",
+ ],
]
];
Modified: trunk/kerberos-client/testsuite/tests/Read.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/testsuite/tests/Read.out?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/testsuite/tests/Read.out (original)
+++ trunk/kerberos-client/testsuite/tests/Read.out Fri Dec 14 11:04:45 2007
@@ -6,13 +6,24 @@
Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["chimera.suse.cz", "kdc.suse.cz"]
Read .etc.krb5_conf.v."SUSE.CZ"."admin_server" nil
Read .etc.krb5_conf.v."SUSE.CZ"."default_domain" nil
-Read .etc.krb5_conf.v.pam.ticket_lifetime nil
-Read .etc.krb5_conf.v.pam.renew_lifetime nil
-Read .etc.krb5_conf.v.pam.forwardable nil
-Read .etc.krb5_conf.v.pam.proxiable nil
-Read .etc.krb5_conf.v.pam.retain_after_close nil
-Read .etc.krb5_conf.v.pam.minimum_uid ["1"]
-Read .etc.krb5_conf.v.pam.use_shmem [""]
+Read .etc.krb5_conf.v.pam."ticket_lifetime" nil
+Read .etc.krb5_conf.v.pam."renew_lifetime" nil
+Read .etc.krb5_conf.v.pam."forwardable" nil
+Read .etc.krb5_conf.v.pam."proxiable" nil
+Read .etc.krb5_conf.v.pam."minimum_uid" ["1"]
+Read .etc.krb5_conf.v.pam."keytab" nil
+Read .etc.krb5_conf.v.pam."ccache_dir" nil
+Read .etc.krb5_conf.v.pam."ccname_template" nil
+Read .etc.krb5_conf.v.pam."mappings" nil
+Read .etc.krb5_conf.v.pam."existing_ticket" ["true"]
+Read .etc.krb5_conf.v.pam."external" ["false"]
+Read .etc.krb5_conf.v.pam."validate" nil
+Read .etc.krb5_conf.v.pam."use_shmem" nil
+Read .etc.krb5_conf.v.pam."addressless" ["false"]
+Read .etc.krb5_conf.v.pam."debug" nil
+Read .etc.krb5_conf.v.pam."debug_sensitive" nil
+Read .etc.krb5_conf.v.pam."initial_prompt" nil
+Read .etc.krb5_conf.v.pam."subsequent_prompt" nil
Read .etc.krb5_conf.v.pkinit.trusted_servers nil
Execute .target.bash_output "/bin/ypdomainname" $["stdout":"password: "]
Dir .etc.ssh.ssh_config.s: ["*"]
Modified: trunk/kerberos-client/testsuite/tests/Read.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/testsuite/tests/Read.ycp?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/testsuite/tests/Read.ycp (original)
+++ trunk/kerberos-client/testsuite/tests/Read.ycp Fri Dec 14 11:04:45 2007
@@ -31,9 +31,21 @@
"ticket_lifetime": nil,
"forwardable": nil,
"proxiable": nil,
- "retain_after_close": nil,
- "use_shmem" : [""],
"use_authtok" : nil,
+ "keytab" : nil,
+ "ccache_dir" : nil,
+ "ccname_template" : nil,
+ "mappings" : nil,
+ "existing_ticket" : ["true"],
+ "external" : ["false"],
+ "validate" : nil,
+ "use_shmem" : nil,
+ "addressless" : nil,
+ "debug" : nil,
+ "debug_sensitive" : nil,
+ "initial_prompt" : nil,
+ "subsequent_prompt" : nil,
+ "addressless" : ["false"],
],
"pkinit" : $[
"trusted_servers": nil,
Modified: trunk/kerberos-client/testsuite/tests/Write.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/testsuite/tests/Write.out?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/testsuite/tests/Write.out (original)
+++ trunk/kerberos-client/testsuite/tests/Write.out Fri Dec 14 11:04:45 2007
@@ -27,9 +27,7 @@
Write .etc.krb5_conf.v.pam."renew_lifetime" ["1d"] true
Write .etc.krb5_conf.v.pam."forwardable" ["true"] true
Write .etc.krb5_conf.v.pam."proxiable" ["false"] true
-Write .etc.krb5_conf.v.pam."retain_after_close" ["false"] true
Write .etc.krb5_conf.v.pam."minimum_uid" ["1"] true
-Write .etc.krb5_conf.v.pam."use_shmem" ["sshd"] true
Write .etc.krb5_conf nil true
Return true
Dump ==== (pam section doesn't exist) =================================
@@ -43,8 +41,6 @@
Write .etc.krb5_conf.v.appdefaults.pam."renew_lifetime" ["1d"] true
Write .etc.krb5_conf.v.appdefaults.pam."forwardable" ["true"] true
Write .etc.krb5_conf.v.appdefaults.pam."proxiable" ["false"] true
-Write .etc.krb5_conf.v.appdefaults.pam."retain_after_close" ["false"] true
Write .etc.krb5_conf.v.appdefaults.pam."minimum_uid" ["1"] true
-Write .etc.krb5_conf.v.appdefaults.pam."use_shmem" ["sshd"] true
Write .etc.krb5_conf nil true
Return true
Modified: trunk/kerberos-client/testsuite/tests/WriteKrb5ConfValue.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-client/testsuite/tests/WriteKrb5ConfValue.out?rev=43075&r1=43074&r2=43075&view=diff
==============================================================================
--- trunk/kerberos-client/testsuite/tests/WriteKrb5ConfValue.out (original)
+++ trunk/kerberos-client/testsuite/tests/WriteKrb5ConfValue.out Fri Dec 14 11:04:45 2007
@@ -1,7 +1,9 @@
Write .etc.krb5_conf.v.libdefaults.default_realm ["SUSE"] true
Return true
-Return false
-Return false
+Write .etc.krb5_conf.v.libdefaults.default_realm nil true
+Return true
+Write .etc.krb5_conf.v.libdefaults.default_realm nil true
+Return true
Write .etc.krb5_conf.v.SUSE.kdc ["kdc.suse.cz", "kdc.suse.de"] true
Return true
Write .etc.krb5_conf.v.SUSE.kdc ["kdc.suse.cz", "kdc.suse.de"] true
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org