Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/advise/legacy/Makefile.am | 4 | ||||
-rw-r--r-- | install/share/advise/legacy/pam.conf.nss_pam_ldapd.template | 22 | ||||
-rw-r--r-- | install/share/advise/legacy/pam.conf.sssd.template (renamed from install/share/advise/legacy/pam.conf.template) | 0 | ||||
-rw-r--r-- | install/share/advise/legacy/pam_conf_sshd.template | 25 | ||||
-rw-r--r-- | install/share/advise/legacy/sssd.conf.template | 4 |
5 files changed, 52 insertions, 3 deletions
diff --git a/install/share/advise/legacy/Makefile.am b/install/share/advise/legacy/Makefile.am
index 73cd2718c..412185171 100644
--- a/install/share/advise/legacy/Makefile.am
+++ b/install/share/advise/legacy/Makefile.am
@@ -3,7 +3,9 @@ NULL = appdir = $(IPA_DATA_DIR)/advise/legacy app_DATA = \ sssd.conf.template \
- pam.conf.template \
+ pam.conf.sssd.template \
+ pam.conf.nss_pam_ldapd.template \
+ pam_conf_sshd.template \
 $(NULL) EXTRA_DIST = \
diff --git a/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template b/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template
new file mode 100644
index 000000000..9c60c27ef
--- /dev/null
+++ b/install/share/advise/legacy/pam.conf.nss_pam_ldapd.template
@@ -0,0 +1,22 @@
+auth required pam_env.so
+auth sufficient pam_unix.so nullok try_first_pass
+auth requisite pam_succeed_if.so uid >= 500 quiet
+auth sufficient pam_ldap.so use_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so broken_shadow
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account [default=bad success=ok user_unknown=ignore] pam_ldap.so
+account required pam_permit.so
+
+password requisite pam_cracklib.so try_first_pass retry=3 type=
+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password sufficient pam_ldap.so use_authtok
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
+session optional pam_ldap.so
diff --git a/install/share/advise/legacy/pam.conf.template b/install/share/advise/legacy/pam.conf.sssd.template
index bdd91821e..bdd91821e 100644
--- a/install/share/advise/legacy/pam.conf.template
+++ b/install/share/advise/legacy/pam.conf.sssd.template
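Review bot: Both pam_unix lines in pam.conf.nss_pam_ldapd.template carry `nullok` (`auth sufficient pam_unix.so nullok try_first_pass` and the matching `password` line), so a local account with an empty password field satisfies the auth stack before pam_ldap is consulted. This looks inherited from a distribution default rather than chosen for this template; for advice handed to administrators I would drop `nullok` from both lines, or add a leading comment explaining why it is kept. The `uid >= 500` / `uid < 500` cut-off is also hard-coded and the file has no header naming the platforms it targets, so a comment such as `# assumes regular users start at UID 500; adjust to the client's UID_MIN` would help where that boundary differs.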
diff --git a/install/share/advise/legacy/pam_conf_sshd.template b/install/share/advise/legacy/pam_conf_sshd.template
new file mode 100644
index 000000000..488f4998b
--- /dev/null
+++ b/install/share/advise/legacy/pam_conf_sshd.template
@@ -0,0 +1,25 @@
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth sufficient /usr/local/lib/pam_ldap.so no_warn
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/install/share/advise/legacy/sssd.conf.template b/install/share/advise/legacy/sssd.conf.template
index 28f9c115d..87084870a 100644
--- a/install/share/advise/legacy/sssd.conf.template
+++ b/install/share/advise/legacy/sssd.conf.template
@@ -8,6 +8,6 @@ re_expression = (?P<name>.+)
 cache_credentials = True
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldap://$IPA_SERVER_HOSTNAME
-ldap_search_base = cn=compat,$BASE_DN
+ldap_uri = $URI
+ldap_search_base = $BASE
 ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt |
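Review bot: The account line `account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user` in pam_conf_sshd.template makes pam_ldap step aside whenever the directory cannot be reached, so directory-side account state is not enforced during an outage. That matters most for logins that bypass the auth stack, such as SSH public keys. If this availability trade-off is intended, say so above the line, e.g. `# pam_ldap is ignored when the LDAP server is unreachable; remove ignore_authinfo_unavail to fail closed`. The header also does not name the target platform, although the `/usr/local/lib` module path and the OPIE modules suggest FreeBSD, and the `pam_conf_sshd.template` name departs from the `pam.conf.*.template` pattern of the two sibling files.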
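Review bot: With `ldap_uri = $URI` and `ldap_search_base = $BASE` the sssd.conf template no longer pins the `ldap://` scheme or the `cn=compat` subtree, so both now depend entirely on what the caller substitutes, and that code is outside this hunk. Because `auth_provider = ldap` sends the user's password over this connection, a comment above the two keys stating what is expected would help, for example `# $URI: ldap:// (StartTLS) or ldaps:// URI of the IPA server; $BASE: search base, normally the cn=compat tree`. It is also worth confirming that every caller of the template passes the new `$URI` and `$BASE` names, since an unsubstituted placeholder could end up verbatim in the generated sssd.conf.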