switch to release candidate, reworked authnz module, some typos
@@ -1,35 +1,72 @@
|
||||
# Ajout de la gestion d'une authentification centralisé
|
||||
# ------------------------------------------------------------------------------
|
||||
# Add local or remote users
|
||||
# ------------------------------------------------------------------------------
|
||||
# Variable:
|
||||
# * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
|
||||
# * REMOTE_USERS: List of remote users to add
|
||||
# * LOCAL_USERS: List of local users to create
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_authnz=0.0.1
|
||||
export VER_authnz=0.1.0
|
||||
|
||||
# Users (from Ldap)
|
||||
add_users()
|
||||
add_remote_user()
|
||||
{
|
||||
backupdist /etc/passwd /etc/shadow /etc/group
|
||||
sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
|
||||
echo "+kroot::::::" >> /etc/passwd
|
||||
echo "+kroot::::::::" >> /etc/shadow
|
||||
#sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
|
||||
echo "+$1::::::" >> /etc/passwd
|
||||
echo "+$1::::::::" >> /etc/shadow
|
||||
}
|
||||
|
||||
# Create a local user
|
||||
create_user()
|
||||
{
|
||||
useradd -Um $1
|
||||
}
|
||||
|
||||
# Authentication
|
||||
authnz()
|
||||
{
|
||||
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
||||
if [[ $WITH_LDAP_KERB==yes ]]; then
|
||||
pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
|
||||
|
||||
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
||||
/etc/nsswitch.conf /etc/pam.d/common-session \
|
||||
/etc/pam.d/common-account /etc/pam.d/common-password \
|
||||
/etc/pam.d/common-auth
|
||||
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
||||
installfile common-session common-account common-password common-auth \
|
||||
/etc/pam.d
|
||||
backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
|
||||
/etc/nsswitch.conf /etc/pam.d/common-session \
|
||||
/etc/pam.d/common-account /etc/pam.d/common-password \
|
||||
/etc/pam.d/common-auth
|
||||
installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
|
||||
installfile common-session common-account common-password common-auth \
|
||||
/etc/pam.d
|
||||
|
||||
scv_restart nscd
|
||||
scv_restart nscd
|
||||
fi
|
||||
|
||||
add_users
|
||||
for usr in $REMOTE_USERS; do
|
||||
add_remote_user $usr
|
||||
done
|
||||
|
||||
for usr in $LOCAL_USERS; do
|
||||
prnt I "Création de l'utilisateur $usr..."
|
||||
create_user $usr
|
||||
done
|
||||
}
|
||||
|
||||
precheck_authnz()
|
||||
{
|
||||
:
|
||||
if [[ $WITH_LDAP_KERB == "yes" ]]; then
|
||||
if [[ -n $REMOTE_USERS ]]; then
|
||||
prnt I "Les utilisateurs distants suivants seront accessible :"
|
||||
prnt m "\t$REMOTE_USERS"
|
||||
else
|
||||
prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !"
|
||||
fi
|
||||
else
|
||||
if [[ -n $REMOTE_USERS ]]; then
|
||||
prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication."
|
||||
fi
|
||||
fi
|
||||
if [[ -n $LOCAL_USERS ]]; then
|
||||
prnt I "Les utilisateurs locaux suivants seront créés :"
|
||||
prnt m "\t$LOCAL_USERS"
|
||||
fi
|
||||
}
|
||||
|
||||
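Review bot: The test `[[ $WITH_LDAP_KERB==yes ]]` in `authnz()` has no spaces around `==`, so bash treats it as one non-empty string and the branch is always taken. The LDAP/Kerberos packages and the replacement `nsswitch.conf` and `/etc/pam.d/common-*` files would then be installed even when the variable is unset or `no`. It should read `if [[ $WITH_LDAP_KERB == "yes" ]]; then`, the form `precheck_authnz()` already uses; the page has lost its `+`/`-` markers, so this assumes the line is on the new side. Separately, `add_remote_user()` appends an unvalidated, unquoted `$1` to `/etc/passwd` and `/etc/shadow`, so a name containing `:` would yield a malformed entry and a second run would duplicate the line. A guard such as `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || return 1` plus a `grep -qxF` check before each `echo` would cover both, and `create_user` should quote its argument as `useradd -Um "$1"`.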