[PC-BSD Commits] r19396 - pcbsd/current/src-sh/pc-adctl/scripts

svn at pcbsd.org svn at pcbsd.org
Wed Sep 19 15:30:55 PDT 2012


Author: johnh
Date: 2012-09-19 22:30:55 +0000 (Wed, 19 Sep 2012)
New Revision: 19396

Modified:
   pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch
   pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
   pcbsd/current/src-sh/pc-adctl/scripts/pc-samba
Log:
Always use winbind for NSS searches so that the user list is populated in gdm, using ldap it requires root kerberos access.



Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch	2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch	2012-09-19 22:30:55 UTC (rev 19396)
@@ -30,11 +30,6 @@
 			return 0
 		fi
 
-		if AD_UNIX_extensions
-		then
-			conftype='ldap'
-		fi
-
 	elif checkyesno ldapclient_enable 2>/dev/null
 	then
 		conftype='ldap'
@@ -90,11 +85,6 @@
 
 		AD_init
 
-		if AD_UNIX_extensions
-		then
-			conftype='ldap'
-		fi
-
 	elif checkyesno ldapclient_enable 2>/dev/null
 	then
 		conftype='ldap'

Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-pam	2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-pam	2012-09-19 22:30:55 UTC (rev 19396)
@@ -335,17 +335,17 @@
 			return $?
 		fi
 
-		auth="+2auth:sufficient:${pam_ldap}:no_warn:try_first_pass"
-		account="+2account:sufficient:${pam_ldap}:ignore_authinfo_unavail"
+		auth="+2auth:sufficient:${pam_krb5}:no_warn:use_first_pass"
+		account="+2account:sufficient:${pam_krb5}:no_warn"
 		session="+session:required:${pam_mkhomedir}"
-		password="+0password:sufficient:${pam_ldap}:try_first_pass"
+		password="+0password:optional:${pam_krb5}:no_warn"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
 
-		auth="+3auth:sufficient:${pam_krb5}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
-		account="+3account:sufficient:${pam_krb5}:krb5_auth:krb5_ccache_type=FILE"
-		password="+1password:sufficient:${pam_krb5}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
-		session=""
+		auth="+3auth:sufficient:${pam_ldap}:use_first_pass"
+		account="+3account:sufficient:${pam_ldap}"
+		session="+session:optional:${pam_krb5}:no_warn"
+                password="+1password:required:${pam_ldap}"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
 		return $?
@@ -397,14 +397,14 @@
 		auth="-auth:sufficient:${pam_krb5}"
 		account="-account:sufficient:${pam_krb5}"
 		session="-session:required:${pam_mkhomedir}"
-		password="-password:sufficient:${pam_krb5}"
+		password="-password:optional:${pam_krb5}"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
 
 		auth="-auth:sufficient:${pam_ldap}"
 		account="-account:sufficient:${pam_ldap}"
-		password="-password:sufficient:${pam_ldap}"
-		session=""
+		session="-session:optional:${pam_krb5}"
+		password="-password:required:${pam_ldap}"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
 		return $?		

Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-samba
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-samba	2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-samba	2012-09-19 22:30:55 UTC (rev 19396)
@@ -171,7 +171,7 @@
 {
 	if checkyesno activedirectory_enable 2>/dev/null
 	then
-		Ad_init
+		AD_init
 		if AD_configured
 		then
 			return 0



More information about the Commits mailing list