Mailinglist Archive: yast-commit (195 mails)

< Previous Next >
[yast-commit] r63612 - in /branches/SuSE-Code-11-SP2-Branch/ldap-client: src/Ldap.ycp src/ui.ycp testsuite/tests/Read.out
Author: jsuchome
Date: Fri Mar 18 17:15:48 2011
New Revision: 63612

URL: http://svn.opensuse.org/viewcvs/yast?rev=63612&view=rev
Log:
explicitely ask for kerberos+sssd enablement


Modified:
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18
17:15:48 2011
@@ -318,12 +318,18 @@
// packages needed for sssd configuration
global list<string> sssd_packages = [ "sssd" ];

+ // packages needed for sssd + kerberos configuration
+ global list<string> kerberos_packages = [ "kerberos-client" ];
+
// if sssd is used instead of pam_ldap/nss_ldap (fate#308902)
global boolean sssd = true;

// enable/disable offline authentication ('cache_credentials' key)
global boolean sssd_cache_credentials = false;

+ // if kerberos should be set up for sssd
+ global boolean sssd_with_krb = false;
+
// Kerberos default realm (for sssd)
global string krb5_realm = "";

@@ -418,8 +424,12 @@
global define map AutoPackages() ``{

if (start)
+ {
required_packages = (list<string>)
union (required_packages, sssd ? sssd_packages : pam_nss_packages);
+ if (sssd_with_krb)
+ required_packages = (list<string>) union (required_packages,
kerberos_packages);
+ }

list<string> install_pkgs = UpdatedArchPackages (required_packages);
list remove_pkgs = [];
@@ -911,7 +921,7 @@

Autologin::Read ();

- if (true || Pam::Enabled("krb5"))
+ if (Pam::Enabled ("krb5"))
{
ReadKrb5Conf ();
}
@@ -926,6 +936,10 @@
if (kdc != nil)
krb5_kdcip = kdc;
}
+ if (krb5_realm != "" && krb5_kdcip != "")
+ {
+ sssd_with_krb = true;
+ }

// Now check if previous configuration of LDAP server didn't proposed
// some better values:
@@ -2121,7 +2135,7 @@
}

// In a mixed Kerberos/LDAP setup the following changes are needed in
the [domain/default] section:
- if (krb5_realm != "" && krb5_kdcip != "")
+ if (sssd_with_krb)
{
SCR::Write (add (domain, "auth_provider"), "krb5");
SCR::Write (add (domain, "chpass_provider"), "krb5");
@@ -2913,6 +2927,9 @@
list<string> needed_packages = sssd?
UpdatedArchPackages (sssd_packages) :
UpdatedArchPackages (pam_nss_packages);
+ if (sssd_with_krb)
+ needed_packages = (list<string>) union (
+ needed_packages, UpdatedArchPackages (kerberos_packages));

if (_start_autofs && !Package::Installed("autofs"))
{

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 17:15:48
2011
@@ -514,6 +514,9 @@
list<string> needed_packages = Ldap::sssd ?
Ldap::UpdatedArchPackages (Ldap::sssd_packages) :
Ldap::UpdatedArchPackages (Ldap::pam_nss_packages);
+ if (Ldap::sssd_with_krb)
+ needed_packages = (list<string>) union (
+ needed_packages, Ldap::UpdatedArchPackages
(Ldap::kerberos_packages));

if (start && !Package::InstalledAll (needed_packages))
{
@@ -715,6 +718,7 @@
boolean sssd = Ldap::sssd;
string krb5_realm = Ldap::krb5_realm;
string krb5_kdcip = Ldap::krb5_kdcip;
+ boolean sssd_with_krb = Ldap::sssd_with_krb;

list<term>member_attributes = [
`item (`id("member"), "member", member_attribute == "member"),
@@ -879,6 +883,9 @@
return
// frame label
`Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox (
+ // checkbox label
+ `Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use
Kerberos"), sssd_with_krb)),
+ `VSpacing(0.4),
// textentry label
`TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm),
// textentry label
@@ -932,6 +939,11 @@
UI::ReplaceWidget (`tabContents, cont);
if (has_tabs)
UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
+ if (sssd)
+ {
+ UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
+ UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
+ }
}

define void set_admin_term () {
@@ -1105,6 +1117,12 @@
sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () :
get_frame_nss ());
}
+ if (result == `sssd_with_krb)
+ {
+ sssd_with_krb = (boolean) UI::QueryWidget (`id
(`sssd_with_krb), `Value);
+ UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
+ UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
+ }
if (result == `br_tls_cacertdir)
{
string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose
the directory with certificates"));
@@ -1279,6 +1297,8 @@
Ldap::ppolicies[dn] = pp;
}
});
+ if (krb5_realm == "" || krb5_kdcip == "" || !sssd)
+ sssd_with_krb = false;

if (Ldap::GetMainConfigDN() != base_config_dn ||
Ldap::bind_dn != bind_dn ||
@@ -1312,6 +1332,7 @@
Ldap::sssd = sssd;
Ldap::krb5_realm = krb5_realm;
Ldap::krb5_kdcip = krb5_kdcip;
+ Ldap::sssd_with_krb = sssd_with_krb;
Ldap::modified = true;
}
break;

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out?rev=63612&r1=63611&r2=63612&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
(original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Fri
Mar 18 17:15:48 2011
@@ -16,8 +16,6 @@
Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0
Execute .passwd.init $["base_directory":"/etc"] true
Read .passwd.passwd.pluslines ["+"]
-Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
-Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
Return true
Dump ============================================
Dump ldap used: -true-

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages