Author: jsuchome Date: Fri Mar 18 17:15:48 2011 New Revision: 63612 URL: http://svn.opensuse.org/viewcvs/yast?rev=63612&view=rev Log: explicitely ask for kerberos+sssd enablement Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63612&r1=63611&r2=63612&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18 17:15:48 2011 @@ -318,12 +318,18 @@ // packages needed for sssd configuration global list<string> sssd_packages = [ "sssd" ]; + // packages needed for sssd + kerberos configuration + global list<string> kerberos_packages = [ "kerberos-client" ]; + // if sssd is used instead of pam_ldap/nss_ldap (fate#308902) global boolean sssd = true; // enable/disable offline authentication ('cache_credentials' key) global boolean sssd_cache_credentials = false; + // if kerberos should be set up for sssd + global boolean sssd_with_krb = false; + // Kerberos default realm (for sssd) global string krb5_realm = ""; @@ -418,8 +424,12 @@ global define map AutoPackages() ``{ if (start) + { required_packages = (list<string>) union (required_packages, sssd ? sssd_packages : pam_nss_packages); + if (sssd_with_krb) + required_packages = (list<string>) union (required_packages, kerberos_packages); + } list<string> install_pkgs = UpdatedArchPackages (required_packages); list remove_pkgs = []; @@ -911,7 +921,7 @@ Autologin::Read (); - if (true || Pam::Enabled("krb5")) + if (Pam::Enabled ("krb5")) { ReadKrb5Conf (); } @@ -926,6 +936,10 @@ if (kdc != nil) krb5_kdcip = kdc; } + if (krb5_realm != "" && krb5_kdcip != "") + { + sssd_with_krb = true; + } // Now check if previous configuration of LDAP server didn't proposed // some better values: @@ -2121,7 +2135,7 @@ } // In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section: - if (krb5_realm != "" && krb5_kdcip != "") + if (sssd_with_krb) { SCR::Write (add (domain, "auth_provider"), "krb5"); SCR::Write (add (domain, "chpass_provider"), "krb5"); @@ -2913,6 +2927,9 @@ list<string> needed_packages = sssd? UpdatedArchPackages (sssd_packages) : UpdatedArchPackages (pam_nss_packages); + if (sssd_with_krb) + needed_packages = (list<string>) union ( + needed_packages, UpdatedArchPackages (kerberos_packages)); if (_start_autofs && !Package::Installed("autofs")) { Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63612&r1=63611&r2=63612&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 17:15:48 2011 @@ -514,6 +514,9 @@ list<string> needed_packages = Ldap::sssd ? Ldap::UpdatedArchPackages (Ldap::sssd_packages) : Ldap::UpdatedArchPackages (Ldap::pam_nss_packages); + if (Ldap::sssd_with_krb) + needed_packages = (list<string>) union ( + needed_packages, Ldap::UpdatedArchPackages (Ldap::kerberos_packages)); if (start && !Package::InstalledAll (needed_packages)) { @@ -715,6 +718,7 @@ boolean sssd = Ldap::sssd; string krb5_realm = Ldap::krb5_realm; string krb5_kdcip = Ldap::krb5_kdcip; + boolean sssd_with_krb = Ldap::sssd_with_krb; list<term>member_attributes = [ `item (`id("member"), "member", member_attribute == "member"), @@ -879,6 +883,9 @@ return // frame label `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox ( + // checkbox label + `Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use Kerberos"), sssd_with_krb)), + `VSpacing(0.4), // textentry label `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm), // textentry label @@ -932,6 +939,11 @@ UI::ReplaceWidget (`tabContents, cont); if (has_tabs) UI::ChangeWidget (`id (`tabs), `CurrentItem, `client); + if (sssd) + { + UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); + UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); + } } define void set_admin_term () { @@ -1105,6 +1117,12 @@ sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value); UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () : get_frame_nss ()); } + if (result == `sssd_with_krb) + { + sssd_with_krb = (boolean) UI::QueryWidget (`id (`sssd_with_krb), `Value); + UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); + UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); + } if (result == `br_tls_cacertdir) { string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose the directory with certificates")); @@ -1279,6 +1297,8 @@ Ldap::ppolicies[dn] = pp; } }); + if (krb5_realm == "" || krb5_kdcip == "" || !sssd) + sssd_with_krb = false; if (Ldap::GetMainConfigDN() != base_config_dn || Ldap::bind_dn != bind_dn || @@ -1312,6 +1332,7 @@ Ldap::sssd = sssd; Ldap::krb5_realm = krb5_realm; Ldap::krb5_kdcip = krb5_kdcip; + Ldap::sssd_with_krb = sssd_with_krb; Ldap::modified = true; } break; Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out?rev=63612&r1=63611&r2=63612&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Fri Mar 18 17:15:48 2011 @@ -16,8 +16,6 @@ Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0 Execute .passwd.init $["base_directory":"/etc"] true Read .passwd.passwd.pluslines ["+"] -Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"] -Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"] Return true Dump ============================================ Dump ldap used: -true- -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org