Mailinglist Archive: yast-commit (195 mails)

< Previous Next >
[yast-commit] r63592 - in /branches/SuSE-Code-11-SP2-Branch/kerberos-client: ./ agents/ package/ src/ testsuite/tests/
Author: jsuchome
Date: Fri Mar 18 11:17:46 2011
New Revision: 63592

URL: http://svn.opensuse.org/viewcvs/yast?rev=63592&view=rev
Log:
(backporting SSSD feature from 11.4:)

- do not use pam_krb5 when sssd is configured (fate#308902)
- when sssd is configured, update sssd.conf's kerberos values
- agent for krb5.conf moved to yast2-pam to be usable by ldap-client
- do not install pam_krb5 if sssd is configured (bnc#666186)
- show an info that sssd is configured (fate#308902)
- 2.17.9


Removed:
branches/SuSE-Code-11-SP2-Branch/kerberos-client/agents/etc_krb5_conf.scr
Modified:
branches/SuSE-Code-11-SP2-Branch/kerberos-client/VERSION

branches/SuSE-Code-11-SP2-Branch/kerberos-client/package/yast2-kerberos-client.changes
branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/Kerberos.ycp
branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/dialogs.ycp
branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.rnc
branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.ycp
branches/SuSE-Code-11-SP2-Branch/kerberos-client/testsuite/tests/Read.out

branches/SuSE-Code-11-SP2-Branch/kerberos-client/yast2-kerberos-client.spec.in

Modified: branches/SuSE-Code-11-SP2-Branch/kerberos-client/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/VERSION?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/VERSION (original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/VERSION Fri Mar 18
11:17:46 2011
@@ -1 +1 @@
-2.17.8
+2.17.9

Modified:
branches/SuSE-Code-11-SP2-Branch/kerberos-client/package/yast2-kerberos-client.changes
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/package/yast2-kerberos-client.changes?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
---
branches/SuSE-Code-11-SP2-Branch/kerberos-client/package/yast2-kerberos-client.changes
(original)
+++
branches/SuSE-Code-11-SP2-Branch/kerberos-client/package/yast2-kerberos-client.changes
Fri Mar 18 11:17:46 2011
@@ -1,4 +1,14 @@
-------------------------------------------------------------------
+Fri Mar 18 10:45:39 CET 2011 - jsuchome@xxxxxxx
+
+- do not use pam_krb5 when sssd is configured (fate#308902)
+- when sssd is configured, update sssd.conf's kerberos values
+- agent for krb5.conf moved to yast2-pam to be usable by ldap-client
+- do not install pam_krb5 if sssd is configured (bnc#666186)
+- show an info that sssd is configured (fate#308902)
+- 2.17.9
+
+-------------------------------------------------------------------
Mon Feb 8 11:11:06 CET 2010 - jsuchome@xxxxxxx

- leave DNS checkbox disabled when DNS info is not available

Modified: branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/Kerberos.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/Kerberos.ycp?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/Kerberos.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/Kerberos.ycp Fri Mar
18 11:17:46 2011
@@ -107,6 +107,9 @@
// if DNS is used for retrieving configuration data
global boolean dns_used = false;

+// if sssd is configured, do not use pam_krb5
+global boolean sssd = false;
+
/**
map with the settings configurable in the expert tabs
*/
@@ -151,6 +154,8 @@
ExpertSettings = client["ExpertSettings"]:$[];
if (!haskey (ExpertSettings, "use_shmem") && haskey (client, "use_shmem"))
ExpertSettings["use_shmem"] = use_shmem;
+
+ sssd = settings["sssd"]:sssd;
pam_modified = true;
modified = true;
ssh_modified = true;
@@ -167,6 +172,7 @@
map export_map = $[
"pam_login": $[
"use_kerberos" : use_pam_krb,
+ "sssd" : sssd,
],
"kerberos_client": $[
"default_domain" : default_domain,
@@ -432,6 +438,8 @@
if (ssh_support == nil)
ssh_support = false;

+ sssd = Pam::Enabled ("sss");
+
return true;
}

@@ -499,7 +507,26 @@
// -- pam settings
if (pam_modified || write_only)
{
- if (use_pam_krb)
+ // whem sssd is configured, do not use pam_krb5 and update sssd.conf
+ // fate#308902
+ if (sssd)
+ {
+ y2milestone ("not using pam_krb5 because sssd is configured");
+ Pam::Remove ("krb5");
+
+ y2milestone ("updating sssd.conf with new kerberos values");
+
+ path domain = add (.etc.sssd_conf.v, "domain/default");
+ SCR::Write (add (domain, "auth_provider"), "krb5");
+ SCR::Write (add (domain, "chpass_provider"), "krb5");
+ SCR::Write (add (domain, "krb5_realm"), default_realm);
+ SCR::Write (add (domain, "krb5_kdcip"), kdc);
+ if (!SCR::Write(.etc.sssd_conf, nil))
+ {
+ y2error ("error writing ldap.conf file");
+ }
+ }
+ else if (use_pam_krb)
{
Pam::Add ("krb5");
// If ldap is configured we need to change it to ldap-account_only
@@ -740,13 +767,27 @@
return ret;
}

+/*
+ * Return the list of packages for kerberos configuration
+ */
+global list<string> RequiredPackages () {
+
+ list<string> packages = required_packages;
+ // do not install pam_krb5 if sssd is configured
+ if (sssd)
+ {
+ packages = filter (string p, packages, ``(p != "pam_krb5"));
+ }
+ return packages;
+}
+
/**
* Return required packages for auto-installation
* @return map of packages to be installed and to be removed
*/
global define map AutoPackages() {
return ($[
- "install": UpdatedArchPackages (required_packages),
+ "install": UpdatedArchPackages (RequiredPackages ()),
"remove": []
]);
}

Modified: branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/dialogs.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/dialogs.ycp?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/dialogs.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/dialogs.ycp Fri Mar 18
11:17:46 2011
@@ -383,7 +383,7 @@
}
if (result == `next && use_pam_krb)
{
- if (!Package::InstallAll (Kerberos::UpdatedArchPackages
(Kerberos::required_packages)))
+ if (!Package::InstallAll (Kerberos::UpdatedArchPackages
(Kerberos::RequiredPackages ())))
{
result = `not_next;
use_pam_krb = false;
@@ -392,6 +392,14 @@
UI::ChangeWidget (`id (widget), `Enabled, use_pam_krb);
});
}
+ if (Kerberos::sssd)
+ {
+ // popup message
+ Popup::Message ("System Security Services Daemon (SSSD) is
configured.
+It is in use for Kerberos authentication instead of pam_krb5.
+
+You can disable SSSD in yast2 ldap-client module.");
+ }
}
} while (!contains ([`back, `cancel, `abort, `next, `advanced], result));


Modified: branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.rnc
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.rnc?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.rnc (original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.rnc Fri Mar
18 11:17:46 2011
@@ -9,7 +9,8 @@


pam_login = element pam_login {
- element use_kerberos { BOOLEAN }?
+ element use_kerberos { BOOLEAN }? &
+ element sssd { BOOLEAN }?
}

kerberos_client = element kerberos_client {

Modified: branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.ycp?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/src/kerberos.ycp Fri Mar
18 11:17:46 2011
@@ -213,7 +213,7 @@
*/
define boolean KerberosWrite ()
{
- if (!Package::InstallAll (Kerberos::UpdatedArchPackages
(Kerberos::required_packages)))
+ if (!Package::InstallAll (Kerberos::UpdatedArchPackages
(Kerberos::RequiredPackages ())))
return false;
return Kerberos::Write ();
}

Modified:
branches/SuSE-Code-11-SP2-Branch/kerberos-client/testsuite/tests/Read.out
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/testsuite/tests/Read.out?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/kerberos-client/testsuite/tests/Read.out
(original)
+++ branches/SuSE-Code-11-SP2-Branch/kerberos-client/testsuite/tests/Read.out
Fri Mar 18 11:17:46 2011
@@ -31,6 +31,7 @@
Dir .etc.ssh.ssh_config.v."*": ["GSSAPIAuthentication",
"GSSAPIDelegateCredentials"]
Read .etc.ssh.ssh_config.v."*"."GSSAPIAuthentication" "yes"
Read .etc.ssh.ssh_config.v."*"."GSSAPIDelegateCredentials" "yes"
+Execute .target.bash_output "pam-config -q --sss" $["stdout":"password:
"]
Return true
Dump ============================================
Dump kerberos used: true
@@ -47,6 +48,7 @@
Dir .etc.ssh.ssh_config.v."*": ["GSSAPIAuthentication",
"GSSAPIDelegateCredentials"]
Read .etc.ssh.ssh_config.v."*"."GSSAPIAuthentication" "yes"
Read .etc.ssh.ssh_config.v."*"."GSSAPIDelegateCredentials" "yes"
+Execute .target.bash_output "pam-config -q --sss" $["stdout":"password:
"]
Return true
Dump default realm: SUSE.CZ
Dump ============================================

Modified:
branches/SuSE-Code-11-SP2-Branch/kerberos-client/yast2-kerberos-client.spec.in
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/kerberos-client/yast2-kerberos-client.spec.in?rev=63592&r1=63591&r2=63592&view=diff
==============================================================================
---
branches/SuSE-Code-11-SP2-Branch/kerberos-client/yast2-kerberos-client.spec.in
(original)
+++
branches/SuSE-Code-11-SP2-Branch/kerberos-client/yast2-kerberos-client.spec.in
Fri Mar 18 11:17:46 2011
@@ -3,8 +3,8 @@
@HEADER@
BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2
yast2-devtools yast2-pam yast2-testsuite

-# new Pam.ycp API
-Requires: yast2-pam >= 2.14.0
+# etc_krb5_conf.scr
+Requires: yast2-pam >= 2.17.3

# Hostname::CurrentDomain, CurrentHostname
Requires: yast2 >= 2.16.48

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages