switch to release candidate, reworked authnz module, some typos
@@ -19,14 +19,21 @@
|
||||
# ----------------------------- Section générale -------------------------------
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# Utilisateur de la machine (celui qui a été renseigné dans l'installeur Ubuntu)
|
||||
export MAINUSER="levasseur"
|
||||
# Utilisateur de la machine (doit exister)
|
||||
MAINUSER=levasseur
|
||||
|
||||
# Interface réseau principale
|
||||
export MAINIF="eth0"
|
||||
MAINIF=eth0
|
||||
|
||||
# Pilotes X11 non libre à installer ?
|
||||
export X11_DRV="nvidia-drivers"
|
||||
X11_DRV="nvidia-drivers"
|
||||
|
||||
# Authentification: utiliser LDAP+Kerberos ?
|
||||
WITH_LDAP_KERB=no
|
||||
|
||||
# Utilisateurs à créer ou ajouter
|
||||
LOCAL_USERS="$MAINUSER"
|
||||
#REMOTE_USERS="kroot"
|
||||
|
||||
# Indique la déclinaison d'Ubuntu à installer
|
||||
# * xubuntu : bureau XFCE léger (par défaut)
|
||||
@@ -34,15 +41,15 @@ export X11_DRV="nvidia-drivers"
|
||||
# * kubuntu : bureau KDE lourd, très configurable
|
||||
# * ubuntu-mate : bureau Mate intermédiaire légèrement configurable
|
||||
# * lubuntu : bureau LXQT très léger
|
||||
export UBUNTU_FLAVOR=xubuntu
|
||||
UBUNTU_FLAVOR=xubuntu
|
||||
|
||||
# Booléen indiquant une ou plusieurs futures VM
|
||||
# Les lignes suivantes devraient être commentés si à false
|
||||
export WITH_VM="true"
|
||||
. $MYPATH/conf/includes/legos_vm_win7.conf.sh
|
||||
#WITH_VM=yes
|
||||
#. $MYPATH/conf/includes/legos_vm_win7.conf.sh
|
||||
|
||||
# Nom de la VM
|
||||
VM_NAME=vm-levasseur
|
||||
#VM_NAME=vm-levasseur
|
||||
|
||||
# Logiciels optionnels non packagé Debian
|
||||
# export WITH_MATLAB="true"
|
||||
@@ -52,7 +59,7 @@ VM_NAME=vm-levasseur
|
||||
# Mode d'installation :
|
||||
# * dev : installe les paquets un par un avec apt (lent)
|
||||
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
|
||||
export INTALL_MODE=dev
|
||||
INTALL_MODE=full
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# ------------------------- Section disque de calcul ---------------------------
|
||||
@@ -60,20 +67,20 @@ export INTALL_MODE=dev
|
||||
|
||||
# Niveau ZFS : mirror (RAID1), raidz1 (RAID5), raidz2 (RAID6)
|
||||
# Laisser vide pour RAID0
|
||||
export CALCLEVEL=""
|
||||
CALCLEVEL=""
|
||||
|
||||
# Liste de lecteurs à utiliser (voir dans /dev/disk/by-id)
|
||||
# Un seul tolléré pour Ext4 et XFS, plusieurs séparés par des espaces pour ZFS
|
||||
export CALCDRV="/dev/disk/by-id/ata-ST2000DM008-2FR102_ZFL3AGRQ"
|
||||
#CALCDRV=/dev/disk/by-id/ata-ST2000DM008-2FR102_ZFL3AGRQ
|
||||
|
||||
# Doit on forcer l'effacement du disque ?
|
||||
export FORCEBLANK=false
|
||||
FORCEBLANK=false
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# -------------------------- Section modules d'init ----------------------------
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# Liste des modules à executer (surchargeable en ligne de commande)
|
||||
export MODULE_LIST="upgrade_dist conf_disks conf_locale conf_ntp conf_ssh \
|
||||
MODULE_LIST="upgrade_dist authnz conf_disks conf_locale conf_ntp conf_ssh \
|
||||
conf_mail install_desktop install_pkg install_chromium \
|
||||
install_profile"
|
||||
|
||||
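Review bot: `LOCAL_USERS="$MAINUSER"` queues for creation an account that the comment on MAINUSER says must already exist. The authnz module, which this change adds to the default MODULE_LIST, runs `useradd -Um` on every LOCAL_USERS entry, and useradd fails for an account that is already present; whether that stops the run depends on error handling not visible on this page. Either default to `LOCAL_USERS=""` or have create_user skip existing accounts, for example `id -u "$1" >/dev/null 2>&1 || useradd -Um "$1"`. The settings also appear to lose their `export` here (the hunk header still shows `export X11_DRV=...`), so confirm that no module runs in a child process that needs them.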
2
init.sh
2
init.sh
@@ -19,7 +19,7 @@ export LC_ALL=C
|
||||
export LANG=C
|
||||
|
||||
# Version of init
|
||||
export VERSION="0.95.4"
|
||||
export VERSION="0.99.1"
|
||||
|
||||
# Store script's path
|
||||
export MYPATH=$(dirname $0)
|
||||
|
||||
@@ -82,20 +82,20 @@ prnt() {
|
||||
case $1 in
|
||||
"I")
|
||||
HEADS="[ ${IGreen}info${DEFAULTFG} ]"
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
"W")
|
||||
HEADS="[${IYellow}Attention${DEFAULTFG}]"
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
"E")
|
||||
HEADS="[ ${IRed}ERREUR${DEFAULTFG} ]"
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
"m")
|
||||
HEADS=" "
|
||||
shift
|
||||
;;
|
||||
"m")
|
||||
HEADS=" "
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
echo -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${HEADS} $@"
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ TMPDIR="/tmp/init-$VERSION"
|
||||
|
||||
mkdir $TMPDIR
|
||||
|
||||
cp -av conf lib modules doc init.sh README.* LICENSE $TMPDIR
|
||||
cp -av conf lib modules repo doc init.sh README.* LICENSE $TMPDIR
|
||||
|
||||
tar --gzip -cvf ~/init.sh-$VERSION.tar.gz $TMPDIR
|
||||
|
||||
|
||||
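Review bot: The release archive is staged in `/tmp/init-$VERSION`, a predictable path, and the result of `mkdir $TMPDIR` is not checked. If that directory already exists, whether left by an earlier build or created by another local user, the `cp -av` line copies the sources into it and `tar` archives whatever else is already there. Prefer `TMPDIR=$(mktemp -d "/tmp/init-$VERSION.XXXXXX") || exit 1` with `trap 'rm -rf -- "$TMPDIR"' EXIT`, and quote `"$TMPDIR"` on the cp and tar lines. The TMPDIR assignment is visible only in the hunk header, so check this against the full script.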
@@ -1,35 +1,72 @@
|
||||
# Ajout de la gestion d'une authentification centralisé
|
||||
# ------------------------------------------------------------------------------
|
||||
# Add local or remote users
|
||||
# ------------------------------------------------------------------------------
|
||||
# Variable:
|
||||
# * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
|
||||
# * REMOTE_USERS: List of remote users to add
|
||||
# * LOCAL_USERS: List of local users to create
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_authnz=0.0.1
|
||||
export VER_authnz=0.1.0
|
||||
|
||||
# Users (from Ldap)
|
||||
add_users()
|
||||
add_remote_user()
|
||||
{
|
||||
backupdist /etc/passwd /etc/shadow /etc/group
|
||||
sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
|
||||
echo "+kroot::::::" >> /etc/passwd
|
||||
echo "+kroot::::::::" >> /etc/shadow
|
||||
#sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
|
||||
echo "+$1::::::" >> /etc/passwd
|
||||
echo "+$1::::::::" >> /etc/shadow
|
||||
}
|
||||
|
||||
# Create a local user
|
||||
create_user()
|
||||
{
|
||||
useradd -Um $1
|
||||
}
|
||||
|
||||
# Authentication
|
||||
authnz()
|
||||
{
|
||||
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
||||
if [[ $WITH_LDAP_KERB==yes ]]; then
|
||||
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
||||
|
||||
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
||||
/etc/nsswitch.conf /etc/pam.d/common-session \
|
||||
/etc/pam.d/common-account /etc/pam.d/common-password \
|
||||
/etc/pam.d/common-auth
|
||||
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
||||
installfile common-session common-account common-password common-auth \
|
||||
/etc/pam.d
|
||||
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
||||
/etc/nsswitch.conf /etc/pam.d/common-session \
|
||||
/etc/pam.d/common-account /etc/pam.d/common-password \
|
||||
/etc/pam.d/common-auth
|
||||
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
||||
installfile common-session common-account common-password common-auth \
|
||||
/etc/pam.d
|
||||
|
||||
scv_restart nscd
|
||||
scv_restart nscd
|
||||
fi
|
||||
|
||||
add_users
|
||||
for usr in $REMOTE_USERS; do
|
||||
add_remote_user $usr
|
||||
done
|
||||
|
||||
for usr in $LOCAL_USERS; do
|
||||
prnt I "Création de l'utilisateur $usr..."
|
||||
create_user $usr
|
||||
done
|
||||
}
|
||||
|
||||
precheck_authnz()
|
||||
{
|
||||
:
|
||||
if [[ $WITH_LDAP_KERB == "yes" ]]; then
|
||||
if [[ -n $REMOTE_USERS ]]; then
|
||||
prnt I "Les utilisateurs distants suivants seront accessible :"
|
||||
prnt m "\t$REMOTE_USERS"
|
||||
else
|
||||
prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !"
|
||||
fi
|
||||
else
|
||||
if [[ -n $REMOTE_USERS ]]; then
|
||||
prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication."
|
||||
fi
|
||||
fi
|
||||
if [[ -n $LOCAL_USERS ]]; then
|
||||
prnt I "Les utilisateurs locaux suivants seront créés :"
|
||||
prnt m "\t$LOCAL_USERS"
|
||||
fi
|
||||
}
|
||||
|
||||
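Review bot: The test `[[ $WITH_LDAP_KERB==yes ]]` in authnz() is always true. Without spaces around `==`, bash sees one non-empty word, so the LDAP/Kerberos packages are installed and krb5.conf, nsswitch.conf and the PAM common-* files are replaced even when the configuration sets `WITH_LDAP_KERB=no`. precheck_authnz() in the same hunk already uses the correct form; write `if [[ $WITH_LDAP_KERB == "yes" ]]; then` here too. Separately, add_remote_user() and create_user() pass `$1` unquoted and unvalidated into /etc/passwd, /etc/shadow and useradd, and every run appends the `+user` lines again. Quoting (`useradd -Um "$1"`) and a `grep -q` guard before each append would make the module safe to re-run.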