author | Ana Krivokapic <akrivoka@redhat.com> | 2013-10-17 21:58:00 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-10-18 16:15:12 +0200 |
commit | 92cd987e0a347123d81f83be99787ab77f39ca8e (patch) | |
tree | 8000b5f2bec4da0a03aa91a7facf16c203a22895 /install/share | |
parent | c97f4e8a66ce55df3c32d4a198043ad2e7e8e9cd (diff) | |
Add ipa-advise plugins for nss-pam-ldapd legacy clients
Add three new ipa-advise plugins, to facilitate configuration of
legacy clients using nss-pam-ldapd:
* config-redhat-nss-pam-ldapd
* config-generic-linux-nss-pam-ldapd
* config-freebsd-nss-pam-ldapd
https://fedorahosted.org/freeipa/ticket/3672
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/advise/legacy/Makefile.am | 4 | ||||
-rw-r--r-- | install/share/advise/legacy/pam.conf.nss_pam_ldapd.template | 22 | ||||
-rw-r--r-- | install/share/advise/legacy/pam.conf.sssd.template (renamed from install/share/advise/legacy/pam.conf.template) | 0 | ||||
-rw-r--r-- | install/share/advise/legacy/pam_conf_sshd.template | 25 | ||||
-rw-r--r-- | install/share/advise/legacy/sssd.conf.template | 4 |
5 files changed, 52 insertions, 3 deletions
diff --git a/install/share/advise/legacy/Makefile.am b/install/share/advise/legacy/Makefile.am
index 73cd2718c..412185171 100644
--- a/install/share/advise/legacy/Makefile.am
+++ b/install/share/advise/legacy/Makefile.am
@@ -3,7 +3,9 @@ NULL =
 appdir = $(IPA_DATA_DIR)/advise/legacy
 app_DATA = \
 sssd.conf.template \
- pam.conf.template \
+ pam.conf.sssd.template \
+ pam.conf.nss_pam_ldapd.template \
+ pam_conf_sshd.template \
 $(NULL)
 EXTRA_DIST = \
diff --git a/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template b/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template
new file mode 100644
index 000000000..9c60c27ef
--- /dev/null
+++ b/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template
@@ -0,0 +1,22 @@
+auth required pam_env.so
+auth sufficient pam_unix.so nullok try_first_pass
+auth requisite pam_succeed_if.so uid >= 500 quiet
+auth sufficient pam_ldap.so use_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so broken_shadow
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account [default=bad success=ok user_unknown=ignore] pam_ldap.so
+account required pam_permit.so
+
+password requisite pam_cracklib.so try_first_pass retry=3 type=
+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password sufficient pam_ldap.so use_authtok
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
+session optional pam_ldap.so
diff --git a/install/share/advise/legacy/pam.conf.template b/install/share/advise/legacy/pam.conf.sssd.template
index bdd91821e..bdd91821e 100644
--- a/install/share/advise/legacy/pam.conf.template
+++ b/install/share/advise/legacy/pam.conf.sssd.template
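Review bot: `nullok` on the `auth sufficient pam_unix.so nullok try_first_pass` line of the new pam.conf.nss_pam_ldapd.template lets a local account whose password field is empty authenticate, and because the line is `sufficient` the stack stops there without consulting anything else. For advice that administrators will paste onto legacy clients I would write the line as `auth sufficient pam_unix.so try_first_pass`, unless empty-password local accounts are meant to be supported. The template also carries no header comment; something like `# PAM stack for nss-pam-ldapd clients; accounts with uid below 500 are treated as local` would record why 500 is hard-coded, since that boundary presumably matches only the older releases this advice targets.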
diff --git a/install/share/advise/legacy/pam_conf_sshd.template b/install/share/advise/legacy/pam_conf_sshd.template
new file mode 100644
index 000000000..488f4998b
--- /dev/null
+++ b/install/share/advise/legacy/pam_conf_sshd.template
@@ -0,0 +1,25 @@
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth sufficient /usr/local/lib/pam_ldap.so no_warn
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/install/share/advise/legacy/sssd.conf.template b/install/share/advise/legacy/sssd.conf.template
index 28f9c115d..87084870a 100644
--- a/install/share/advise/legacy/sssd.conf.template
+++ b/install/share/advise/legacy/sssd.conf.template
@@ -8,6 +8,6 @@ re_expression = (?P<name>.+)
 cache_credentials = True
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldap://$IPA_SERVER_HOSTNAME
-ldap_search_base = cn=compat,$BASE_DN
+ldap_uri = $URI
+ldap_search_base = $BASE
 ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt |
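Review bot: The account line `/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user` in pam_conf_sshd.template fails open: when the directory cannot be reached the module is ignored and the account decision falls to pam_login_access and pam_unix alone. sshd runs the account stack for public-key logins as well, so a user disabled on the IPA side could presumably still log in with a key during an outage if the account still resolves on the host. If that availability trade-off is intended, say so above the line, e.g. `# fail-open: LDAP account checks are skipped while the server is unreachable`, so that administrators copying the advice can drop `ignore_authinfo_unavail` where they need fail-closed behaviour.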
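Review bot: With `ldap_uri = $URI` and `ldap_search_base = $BASE`, sssd.conf.template no longer fixes the URI scheme or the `cn=compat` subtree, and nothing in the file says what the two variables must contain. The callers that substitute them are outside this diff, so I cannot confirm that each one still passes the compat base and a server URI. Because `auth_provider = ldap` sends the user's password in a bind, it is worth documenting that the substituted URI must end up on a TLS-protected connection; the hunk starts at line 8, so any TLS settings above it are not visible here. I would add a comment ahead of the two lines, e.g. `# URI and BASE are filled in by the ipa-advise plugin; BASE is normally cn=compat under the IPA base DN`.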