[PC-BSD Commits] r19396 - pcbsd/current/src-sh/pc-adctl/scripts
svn at pcbsd.org
svn at pcbsd.org
Wed Sep 19 15:30:55 PDT 2012
Author: johnh
Date: 2012-09-19 22:30:55 +0000 (Wed, 19 Sep 2012)
New Revision: 19396
Modified:
pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch
pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
pcbsd/current/src-sh/pc-adctl/scripts/pc-samba
Log:
Always use winbind for NSS searches so that the user list is populated in gdm, using ldap it requires root kerberos access.
Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch 2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-nsswitch 2012-09-19 22:30:55 UTC (rev 19396)
@@ -30,11 +30,6 @@
return 0
fi
- if AD_UNIX_extensions
- then
- conftype='ldap'
- fi
-
elif checkyesno ldapclient_enable 2>/dev/null
then
conftype='ldap'
@@ -90,11 +85,6 @@
AD_init
- if AD_UNIX_extensions
- then
- conftype='ldap'
- fi
-
elif checkyesno ldapclient_enable 2>/dev/null
then
conftype='ldap'
Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-pam 2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-pam 2012-09-19 22:30:55 UTC (rev 19396)
@@ -335,17 +335,17 @@
return $?
fi
- auth="+2auth:sufficient:${pam_ldap}:no_warn:try_first_pass"
- account="+2account:sufficient:${pam_ldap}:ignore_authinfo_unavail"
+ auth="+2auth:sufficient:${pam_krb5}:no_warn:use_first_pass"
+ account="+2account:sufficient:${pam_krb5}:no_warn"
session="+session:required:${pam_mkhomedir}"
- password="+0password:sufficient:${pam_ldap}:try_first_pass"
+ password="+0password:optional:${pam_krb5}:no_warn"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
- auth="+3auth:sufficient:${pam_krb5}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
- account="+3account:sufficient:${pam_krb5}:krb5_auth:krb5_ccache_type=FILE"
- password="+1password:sufficient:${pam_krb5}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
- session=""
+ auth="+3auth:sufficient:${pam_ldap}:use_first_pass"
+ account="+3account:sufficient:${pam_ldap}"
+ session="+session:optional:${pam_krb5}:no_warn"
+ password="+1password:required:${pam_ldap}"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
return $?
@@ -397,14 +397,14 @@
auth="-auth:sufficient:${pam_krb5}"
account="-account:sufficient:${pam_krb5}"
session="-session:required:${pam_mkhomedir}"
- password="-password:sufficient:${pam_krb5}"
+ password="-password:optional:${pam_krb5}"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
auth="-auth:sufficient:${pam_ldap}"
account="-account:sufficient:${pam_ldap}"
- password="-password:sufficient:${pam_ldap}"
- session=""
+ session="-session:optional:${pam_krb5}"
+ password="-password:required:${pam_ldap}"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
return $?
Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-samba
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-samba 2012-09-19 20:33:19 UTC (rev 19395)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-samba 2012-09-19 22:30:55 UTC (rev 19396)
@@ -171,7 +171,7 @@
{
if checkyesno activedirectory_enable 2>/dev/null
then
- Ad_init
+ AD_init
if AD_configured
then
return 0
More information about the Commits
mailing list