[yast-commit] r63612 - in /branches/SuSE-Code-11-SP2-Branch/ldap-client: src/Ldap.ycp src/ui.ycp testsuite/tests/Read.out

18 Mar 2011

Author: jsuchome
Date: Fri Mar 18 17:15:48 2011
New Revision: 63612

URL: http://svn.opensuse.org/viewcvs/yast?rev=63612&view=rev
Log:
explicitely ask for kerberos+sssd enablement


Modified:
    branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
    branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
    branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================

--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18 17:15:48 2011
@@ -318,12 +318,18 @@
     // packages needed for sssd configuration
     global list<string> sssd_packages		= [ "sssd" ];
 
+    // packages needed for sssd + kerberos configuration
+    global list<string> kerberos_packages	= [ "kerberos-client" ];
+
     // if sssd is used instead of pam_ldap/nss_ldap (fate#308902)
     global boolean sssd				= true;
 
     // enable/disable offline authentication ('cache_credentials' key)
     global boolean sssd_cache_credentials	= false;
 
+    // if kerberos should be set up for sssd
+    global boolean sssd_with_krb		= false;
+
     // Kerberos default realm (for sssd)
     global string krb5_realm			= "";
 
@@ -418,8 +424,12 @@
     global  define map AutoPackages() ``{
 
       if (start)
+      {
 	required_packages = (list<string>)
 	    union (required_packages, sssd ? sssd_packages : pam_nss_packages);
+	if (sssd_with_krb)
+	    required_packages = (list<string>) union (required_packages, kerberos_packages);
+      }
 
       list<string> install_pkgs = UpdatedArchPackages (required_packages);
       list remove_pkgs = [];
@@ -911,7 +921,7 @@
 
 	Autologin::Read ();
 
-	if (true || Pam::Enabled("krb5"))
+	if (Pam::Enabled ("krb5"))
 	{
 	    ReadKrb5Conf ();
 	}
@@ -926,6 +936,10 @@
 	    if (kdc != nil)
 		krb5_kdcip	= kdc;
 	}
+	if (krb5_realm != "" && krb5_kdcip != "")
+	{
+	    sssd_with_krb	= true;
+	}
 
 	// Now check if previous configuration of LDAP server didn't proposed
 	// some better values:
@@ -2121,7 +2135,7 @@
 	}
 
 	// In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section:
-	if (krb5_realm != "" && krb5_kdcip != "")
+	if (sssd_with_krb)
 	{
 	    SCR::Write (add (domain, "auth_provider"), "krb5");
 	    SCR::Write (add (domain, "chpass_provider"), "krb5");
@@ -2913,6 +2927,9 @@
 	list<string> needed_packages = sssd?
 		UpdatedArchPackages (sssd_packages) :
 		UpdatedArchPackages (pam_nss_packages);
+	if (sssd_with_krb)
+	    needed_packages = (list<string>) union (
+		needed_packages, UpdatedArchPackages (kerberos_packages));
 
 	if (_start_autofs && !Package::Installed("autofs"))
 	{

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 17:15:48 2011
@@ -514,6 +514,9 @@
 		list<string> needed_packages = Ldap::sssd ?
 		    Ldap::UpdatedArchPackages (Ldap::sssd_packages) :
 		    Ldap::UpdatedArchPackages (Ldap::pam_nss_packages);
+		if (Ldap::sssd_with_krb)
+		    needed_packages	= (list<string>) union (
+			needed_packages, Ldap::UpdatedArchPackages (Ldap::kerberos_packages));
 
 		if (start && !Package::InstalledAll (needed_packages))
 		{
@@ -715,6 +718,7 @@
     boolean sssd		= Ldap::sssd;
     string krb5_realm		= Ldap::krb5_realm;
     string krb5_kdcip		= Ldap::krb5_kdcip;
+    boolean sssd_with_krb	= Ldap::sssd_with_krb;
 
     list<term>member_attributes	= [
 	`item (`id("member"), "member", member_attribute == "member"),
@@ -879,6 +883,9 @@
 	return
 	    // frame label
 	    `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox (
+		// checkbox label
+		`Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use Kerberos"), sssd_with_krb)),
+		`VSpacing(0.4),
 		// textentry label
 		`TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm),
 		// textentry label
@@ -932,6 +939,11 @@
 	UI::ReplaceWidget (`tabContents, cont);
 	if (has_tabs)
 	    UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
+	if (sssd)
+	{
+	    UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
+	    UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
+	}
     }
 
     define void set_admin_term () {
@@ -1105,6 +1117,12 @@
 	    sssd	= (boolean) UI::QueryWidget (`id (`sssd), `Value);
 	    UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () : get_frame_nss ());
 	}
+	if (result == `sssd_with_krb)
+	{
+	    sssd_with_krb	= (boolean) UI::QueryWidget (`id (`sssd_with_krb), `Value);
+	    UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
+	    UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
+	}
 	if (result == `br_tls_cacertdir)
 	{
 	    string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose the directory with certificates"));
@@ -1279,6 +1297,8 @@
 		    Ldap::ppolicies[dn]	= pp;
 		}
 	    });
+	    if (krb5_realm == "" || krb5_kdcip == "" || !sssd)
+		sssd_with_krb	= false;
 
 	    if (Ldap::GetMainConfigDN() != base_config_dn	||
 		Ldap::bind_dn != bind_dn			||
@@ -1312,6 +1332,7 @@
 		Ldap::sssd		= sssd;
 		Ldap::krb5_realm	= krb5_realm;
 		Ldap::krb5_kdcip	= krb5_kdcip;
+		Ldap::sssd_with_krb	= sssd_with_krb;
 		Ldap::modified		= true;
 	    }
 	    break;

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Fri Mar 18 17:15:48 2011
@@ -16,8 +16,6 @@
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0
 Execute	.passwd.init $["base_directory":"/etc"] true
 Read	.passwd.passwd.pluslines ["+"]
-Read	.etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
-Read	.etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
 Return	true
 Dump	============================================
 Dump	ldap used: -true-

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r63612 - in /branches/SuSE-Code-11-SP2-Branch/ldap-client: src/Ldap.ycp src/ui.ycp testsuite/tests/Read.out

jsuchome＠svn2.opensuse.org