[yast-commit] r63257 - in /trunk/ldap-client: VERSION package/yast2-ldap-client.changes src/Ldap.ycp src/ui.ycp testsuite/tests/Read.out
Author: jsuchome Date: Fri Jan 21 17:02:05 2011 New Revision: 63257 URL: http://svn.opensuse.org/viewcvs/yast?rev=63257&view=rev Log: - explicitely ask for kerberos+sssd enablement - 2.20.10 Modified: trunk/ldap-client/VERSION trunk/ldap-client/package/yast2-ldap-client.changes trunk/ldap-client/src/Ldap.ycp trunk/ldap-client/src/ui.ycp trunk/ldap-client/testsuite/tests/Read.out Modified: trunk/ldap-client/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/VERSION?rev=63257&r1=63256&r2=63257&view=diff ============================================================================== --- trunk/ldap-client/VERSION (original) +++ trunk/ldap-client/VERSION Fri Jan 21 17:02:05 2011 @@ -1 +1 @@ -2.20.9 +2.20.10 Modified: trunk/ldap-client/package/yast2-ldap-client.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/package/yast2-ldap-client.changes?rev=63257&r1=63256&r2=63257&view=diff ============================================================================== --- trunk/ldap-client/package/yast2-ldap-client.changes (original) +++ trunk/ldap-client/package/yast2-ldap-client.changes Fri Jan 21 17:02:05 2011 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Fri Jan 21 17:01:21 CET 2011 - jsuchome@suse.cz + +- explicitely ask for kerberos+sssd enablement +- 2.20.10 + +------------------------------------------------------------------- Fri Jan 21 14:40:48 CET 2011 - jsuchome@suse.cz - if sssd is active, ask for basic Kerberos settings (fate#308902) Modified: trunk/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/Ldap.ycp?rev=63257&r1=63256&r2=63257&view=diff ============================================================================== --- trunk/ldap-client/src/Ldap.ycp (original) +++ trunk/ldap-client/src/Ldap.ycp Fri Jan 21 17:02:05 2011 @@ -300,12 +300,18 @@ // packages needed for sssd configuration global list<string> sssd_packages = [ "sssd" ]; + // packages needed for sssd + kerberos configuration + global list<string> kerberos_packages = [ "kerberos-client" ]; + // if sssd is used instead of pam_ldap/nss_ldap (fate#308902) global boolean sssd = true; // enable/disable offline authentication ('cache_credentials' key) global boolean sssd_cache_credentials = false; + // if kerberos should be set up for sssd + global boolean sssd_with_krb = false; + // Kerberos default realm (for sssd) global string krb5_realm = ""; @@ -386,8 +392,12 @@ global define map AutoPackages() ``{ if (start) + { required_packages = (list<string>) union (required_packages, sssd ? sssd_packages : pam_nss_packages); + if (sssd_with_krb) + required_packages = (list<string>) union (required_packages, kerberos_packages); + } return ($["install": required_packages, "remove": []]); } @@ -876,7 +886,7 @@ Autologin::Read (); - if (true || Pam::Enabled("krb5")) + if (Pam::Enabled ("krb5")) { ReadKrb5Conf (); } @@ -891,6 +901,10 @@ if (kdc != nil) krb5_kdcip = kdc; } + if (krb5_realm != "" && krb5_kdcip != "") + { + sssd_with_krb = true; + } // Now check if previous configuration of LDAP server didn't proposed // some better values: @@ -2094,7 +2108,7 @@ } // In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section: - if (krb5_realm != "" && krb5_kdcip != "") + if (sssd_with_krb) { SCR::Write (add (domain, "auth_provider"), "krb5"); SCR::Write (add (domain, "chpass_provider"), "krb5"); @@ -2880,6 +2894,8 @@ block<boolean> abort = ``{ return false; }; list<string> needed_packages = sssd ? sssd_packages : pam_nss_packages; + if (sssd_with_krb) + needed_packages = (list<string>) union (needed_packages, kerberos_packages); if (_start_autofs && !Package::Installed("autofs")) { Modified: trunk/ldap-client/src/ui.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/ui.ycp?rev=63257&r1=63256&r2=63257&view=diff ============================================================================== --- trunk/ldap-client/src/ui.ycp (original) +++ trunk/ldap-client/src/ui.ycp Fri Jan 21 17:02:05 2011 @@ -516,6 +516,8 @@ } list<string> needed_packages = Ldap::sssd ? Ldap::sssd_packages : Ldap::pam_nss_packages; + if (Ldap::sssd_with_krb) + needed_packages = (list<string>) union (needed_packages, Ldap::kerberos_packages); if (start && !Package::InstalledAll (needed_packages)) { @@ -717,6 +719,7 @@ boolean sssd = Ldap::sssd; string krb5_realm = Ldap::krb5_realm; string krb5_kdcip = Ldap::krb5_kdcip; + boolean sssd_with_krb = Ldap::sssd_with_krb; list<term>member_attributes = [ `item (`id("member"), "member", member_attribute == "member"), @@ -881,6 +884,9 @@ return // frame label `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox ( + // checkbox label + `Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use Kerberos"), sssd_with_krb)), + `VSpacing(0.4), // textentry label `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm), // textentry label @@ -934,6 +940,11 @@ UI::ReplaceWidget (`tabContents, cont); if (has_tabs) UI::ChangeWidget (`id (`tabs), `CurrentItem, `client); + if (sssd) + { + UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); + UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); + } } define void set_admin_term () { @@ -1107,6 +1118,12 @@ sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value); UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () : get_frame_nss ()); } + if (result == `sssd_with_krb) + { + sssd_with_krb = (boolean) UI::QueryWidget (`id (`sssd_with_krb), `Value); + UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); + UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); + } if (result == `br_tls_cacertdir) { string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose the directory with certificates")); @@ -1281,6 +1298,8 @@ Ldap::ppolicies[dn] = pp; } }); + if (krb5_realm == "" || krb5_kdcip == "" || !sssd) + sssd_with_krb = false; if (Ldap::GetMainConfigDN() != base_config_dn || Ldap::bind_dn != bind_dn || @@ -1314,6 +1333,7 @@ Ldap::sssd = sssd; Ldap::krb5_realm = krb5_realm; Ldap::krb5_kdcip = krb5_kdcip; + Ldap::sssd_with_krb = sssd_with_krb; Ldap::modified = true; } break; Modified: trunk/ldap-client/testsuite/tests/Read.out URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/testsuite/tests/Read.out?rev=63257&r1=63256&r2=63257&view=diff ============================================================================== --- trunk/ldap-client/testsuite/tests/Read.out (original) +++ trunk/ldap-client/testsuite/tests/Read.out Fri Jan 21 17:02:05 2011 @@ -16,8 +16,6 @@ Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0 Execute .passwd.init $["base_directory":"/etc"] true Read .passwd.passwd.pluslines ["+"] -Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"] -Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"] Return true Dump ============================================ Dump ldap used: -true- -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
participants (1)
-
jsuchome@svn2.opensuse.org