[PC-BSD Commits] r19398 - pcbsd/current/src-sh/pc-adctl/scripts

svn at pcbsd.org svn at pcbsd.org
Wed Sep 19 15:46:46 PDT 2012


Author: johnh
Date: 2012-09-19 22:46:46 +0000 (Wed, 19 Sep 2012)
New Revision: 19398

Modified:
   pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
Log:
Always use winbind, still working on gdm auth.



Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-pam	2012-09-19 22:42:01 UTC (rev 19397)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-pam	2012-09-19 22:46:46 UTC (rev 19398)
@@ -324,30 +324,12 @@
 			return 0
 		fi
 
-		if ! AD_UNIX_extensions
-		then
-			auth="+2auth:sufficient:${pam_winbind}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
-			account="+2account:sufficient:${pam_winbind}:krb5_auth:krb5_ccache_type=FILE"
-			session="+session:required:${pam_mkhomedir}"
-			password="+0password:sufficient:${pam_winbind}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
-
-			do_pam_conf "${auth}" "${account}" "${session}" "${password}"
-			return $?
-		fi
-
-		auth="+2auth:sufficient:${pam_krb5}:no_warn:use_first_pass"
-		account="+2account:sufficient:${pam_krb5}:no_warn"
+		auth="+2auth:sufficient:${pam_winbind}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
+		account="+2account:sufficient:${pam_winbind}:krb5_auth:krb5_ccache_type=FILE"
 		session="+session:required:${pam_mkhomedir}"
-		password="+0password:optional:${pam_krb5}:no_warn"
+		password="+0password:sufficient:${pam_winbind}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
-
-		auth="+3auth:sufficient:${pam_ldap}:use_first_pass"
-		account="+3account:sufficient:${pam_ldap}"
-		session="+session:optional:${pam_krb5}:no_warn"
-                password="+1password:required:${pam_ldap}"
-
-		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
 		return $?
 
 	elif checkyesno ldapclient_enable 2>/dev/null
@@ -382,33 +364,14 @@
 	then
 		AD_init
 
-		if ! AD_UNIX_extensions
-		then
-
-			auth="-auth:sufficient:${pam_winbind}"
-			account="-account:sufficient:${pam_winbind}"
-			session="-session:required:${pam_mkhomedir}"
-			password="-password:sufficient:${pam_winbind}"
-
-			do_pam_conf "${auth}" "${account}" "${session}" "${password}"
-			return $?
-		fi
-
-		auth="-auth:sufficient:${pam_krb5}"
-		account="-account:sufficient:${pam_krb5}"
+		auth="-auth:sufficient:${pam_winbind}"
+		account="-account:sufficient:${pam_winbind}"
 		session="-session:required:${pam_mkhomedir}"
-		password="-password:optional:${pam_krb5}"
+		password="-password:sufficient:${pam_winbind}"
 
 		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
+		return $?
 
-		auth="-auth:sufficient:${pam_ldap}"
-		account="-account:sufficient:${pam_ldap}"
-		session="-session:optional:${pam_krb5}"
-		password="-password:required:${pam_ldap}"
-
-		do_pam_conf "${auth}" "${account}" "${session}" "${password}"
-		return $?		
-
 	elif checkyesno ldapclient_enable 2>/dev/null
 	then
 		auth='-auth:sufficient:${pam_ldap}'



More information about the Commits mailing list