[PC-BSD Commits] r18012 - pcbsd/current/src-sh/pc-adctl/scripts
svn at pcbsd.org
svn at pcbsd.org
Mon Jul 30 21:43:07 PDT 2012
Author: johnh
Date: 2012-07-31 04:43:07 +0000 (Tue, 31 Jul 2012)
New Revision: 18012
Modified:
pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos
Log:
We have pc-kerberos now! w00t.
Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos 2012-07-31 04:29:04 UTC (rev 18011)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos 2012-07-31 04:43:07 UTC (rev 18012)
@@ -9,10 +9,13 @@
. /usr/local/etc/rc.AD
: ${PATH_KRB5_CONFIG:="/etc/krb5.conf"}
+: ${KRBCONF:="/usr/local/bin/krbconf"}
-#
-# For now, blatently overwrite /etc/krb5.conf
-#
+esc()
+{
+ echo "${1}" | sed 's|\.|\\.|g'
+}
+
generate_krb5_conf()
{
local _dcname="${1}"
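Review bot: esc() is added without a comment and escapes only `.`, so it is not obvious what it guards against; I would add `# Backslash-escape dots so a realm name reaches krbconf as one path component` above it, assuming that is the intent, since krbconf's path syntax is not visible here. The callers in the next hunk invoke it as `$(esc ${_upper_realm})` with the inner expansion unquoted, and the values to the right of `=` are interpolated unescaped. A realm or KDC name from the AD configuration that contains whitespace or characters krbconf treats specially would therefore change the expression. Using `printf '%s\n' "${1}"` instead of `echo "${1}"` and quoting the call sites as `$(esc "${_upper_realm}")` would tighten this. generate_krb5_conf's body continues outside this hunk.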
@@ -27,49 +30,47 @@
local _admin_server=${_kdc}
local _domain=$(echo ${_domainname} | tr A-Z a-z)
- cat<<__EOF__>"${PATH_KRB5_CONFIG}"
-[appdefaults]
- pam = {
- forwardable = true
- krb4_convert = false
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- }
+ local tmp=$(mktemp /tmp/krb5.XXXXXX)
-[libdefaults]
- dns_lookup_realm = true
- dns_lookup_kdc = true
- ticket_lifetime = 24h
- clockskew = 300
- forwardable = yes
- default_realm = ${_upper_realm}
+ cp "${PATH_KRB5_CONFIG}" "${PATH_KRB5_CONFIG}.orig"
+ ${KRBCONF} \
+ -c -m "^appdefaults.pam.forwardable=true" \
+ -c -m "^appdefaults.pam.krb4_convert=false" \
+ -c -m "^appdefaults.pam.debug=false" \
+ -c -m "^appdefaults.pam.ticket_lifetime=36000" \
+ -c -m "^appdefaults.pam.renew_lifetime=36000" \
+ \
+ -c -m "^libdefaults.dns_lookup_realm=true" \
+ -c -m "^libdefaults.dns_lookup_kdc=true" \
+ -c -m "^libdefaults.ticket_lifetime=24h" \
+ -c -m "^libdefaults.clockskew=300" \
+ -c -m "^libdefaults.forwardable=yes" \
+ -c -m "^libdefaults.default_realm=${_upper_realm}" \
+ \
+ -c -m "^logging.default=SYSLOG:INFO:LOCAL7" \
+ \
+ -c -m "^realms.$(esc ${_upper_realm}).kdc=${_kdc}" \
+ -c -m "^realms.$(esc ${_upper_realm}).admin_server=${_admin_server}" \
+ -c -m "^realms.$(esc ${_upper_realm}).default_domain=${_domain}" \
+ \
+ -c -m "^domain_realm.$(esc ${_lower_realm})=${_upper_realm}" \
+ -c -m "^domain_realm.$(esc .${_lower_realm})=${_upper_realm}" \
+ -c -m "^domain_realm.$(esc ${_upper_realm})=${_upper_realm}" \
+ -c -m "^domain_realm.$(esc .${_upper_realm})=${_upper_realm}" \
+ \
+ -o "${tmp}"
-[logging]
- default = SYSLOG:INFO:LOCAL7
+ if [ "$?" = "0" -a -s "${tmp}" ]
+ then
+ mv "${tmp}" "${PATH_KRB5_CONFIG}"
+ return $?
+ fi
-[realms]
- ${_upper_realm} = {
- kdc = ${_kdc}
- admin_server = ${_admin_server}
- default_domain = ${_domain}
- }
-
-[domain_realm]
- ${_lower_realm} = ${_upper_realm}
- .${_lower_realm} = ${_upper_realm}
- ${_upper_realm} = ${_upper_realm}
- .${_upper_realm} = ${_upper_realm}
-
-__EOF__
-
return 0
}
-generate_kerberos_files()
+ad_krb5conf_start()
{
- : ${activedirectory_krb5conf_overwrite:="YES"}
-
if checkyesno activedirectory_enable 2>/dev/null
then
AD_init
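Review bot: When krbconf fails or writes an empty file, generate_krb5_conf falls through to the existing `return 0`, so the rc script reports success with an unmerged krb5.conf and the temp file is left behind in /tmp. `local tmp=$(mktemp ...)` also hides a mktemp failure, because the status seen is that of `local`. mktemp creates the file with mode 0600, so the `mv` installs a krb5.conf that non-root Kerberos clients presumably cannot read, and a move from /tmp to /etc may not be a same-filesystem rename. The fence sketches the error paths, with the temp file created next to the target; the function begins above this hunk.

```shell
local tmp
tmp=$(mktemp "${PATH_KRB5_CONFIG}.XXXXXX") || return 1

# … unchanged: cp to .orig and the ${KRBCONF} invocation writing to "${tmp}" …

if [ "$?" = "0" -a -s "${tmp}" ]
then
	# mktemp leaves the file 0600; krb5.conf is read by unprivileged clients
	chmod 0644 "${tmp}" && mv "${tmp}" "${PATH_KRB5_CONFIG}"
	return $?
fi

rm -f "${tmp}"
return 1
```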
@@ -80,18 +81,25 @@
adminname=$(AD_get adminname)
adminpw=$(AD_get adminpw)
- if checkyesno activedirectory_krb5conf_overwrite 2>/dev/null
- then
- generate_krb5_conf "${dcname}" "${domainname}" \
- "${netbiosname}" "${adminname}" "${adminpw}"
- fi
-
+ generate_krb5_conf "${dcname}" "${domainname}" \
+ "${netbiosname}" "${adminname}" "${adminpw}"
fi
}
+ad_krb5conf_stop()
+{
+ if checkyesno activedirectory_enable 2>/dev/null
+ then
+ cp "${PATH_KRB5_CONFIG}.orig" "${PATH_KRB5_CONFIG}"
+ return $?
+ fi
+
+ return 0
+}
+
name="pc-kerberos"
-start_cmd='generate_kerberos_files'
-stop_cmd=':'
+start_cmd='ad_krb5conf_start'
+stop_cmd='ad_krb5conf_stop'
load_rc_config $name
run_rc_command "$1"
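Review bot: ad_krb5conf_stop restores `${PATH_KRB5_CONFIG}.orig` with `cp`, but the unconditional `cp` in generate_krb5_conf rewrites that backup on every start. After start, start, stop the restored file is the AD-merged one rather than the administrator's original. Taking the backup only when none exists, `[ -e "${PATH_KRB5_CONFIG}.orig" ] || cp -p "${PATH_KRB5_CONFIG}" "${PATH_KRB5_CONFIG}.orig"`, and consuming it on stop with `mv "${PATH_KRB5_CONFIG}.orig" "${PATH_KRB5_CONFIG}"` keeps the pair consistent. Stop also returns cp's failure when no `.orig` was ever written, for example when there was no krb5.conf before the first start, so that case deserves an explicit `[ -f ... ]` check.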