[PC-BSD Commits] r19398 - pcbsd/current/src-sh/pc-adctl/scripts
svn at pcbsd.org
svn at pcbsd.org
Wed Sep 19 15:46:46 PDT 2012
Author: johnh
Date: 2012-09-19 22:46:46 +0000 (Wed, 19 Sep 2012)
New Revision: 19398
Modified:
pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
Log:
Always use winbind, still working on gdm auth.
Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-pam
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-pam 2012-09-19 22:42:01 UTC (rev 19397)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-pam 2012-09-19 22:46:46 UTC (rev 19398)
@@ -324,30 +324,12 @@
return 0
fi
- if ! AD_UNIX_extensions
- then
- auth="+2auth:sufficient:${pam_winbind}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
- account="+2account:sufficient:${pam_winbind}:krb5_auth:krb5_ccache_type=FILE"
- session="+session:required:${pam_mkhomedir}"
- password="+0password:sufficient:${pam_winbind}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
-
- do_pam_conf "${auth}" "${account}" "${session}" "${password}"
- return $?
- fi
-
- auth="+2auth:sufficient:${pam_krb5}:no_warn:use_first_pass"
- account="+2account:sufficient:${pam_krb5}:no_warn"
+ auth="+2auth:sufficient:${pam_winbind}:silent:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
+ account="+2account:sufficient:${pam_winbind}:krb5_auth:krb5_ccache_type=FILE"
session="+session:required:${pam_mkhomedir}"
- password="+0password:optional:${pam_krb5}:no_warn"
+ password="+0password:sufficient:${pam_winbind}:try_first_pass:krb5_auth:krb5_ccache_type=FILE"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
-
- auth="+3auth:sufficient:${pam_ldap}:use_first_pass"
- account="+3account:sufficient:${pam_ldap}"
- session="+session:optional:${pam_krb5}:no_warn"
- password="+1password:required:${pam_ldap}"
-
- do_pam_conf "${auth}" "${account}" "${session}" "${password}"
return $?
elif checkyesno ldapclient_enable 2>/dev/null
@@ -382,33 +364,14 @@
then
AD_init
- if ! AD_UNIX_extensions
- then
-
- auth="-auth:sufficient:${pam_winbind}"
- account="-account:sufficient:${pam_winbind}"
- session="-session:required:${pam_mkhomedir}"
- password="-password:sufficient:${pam_winbind}"
-
- do_pam_conf "${auth}" "${account}" "${session}" "${password}"
- return $?
- fi
-
- auth="-auth:sufficient:${pam_krb5}"
- account="-account:sufficient:${pam_krb5}"
+ auth="-auth:sufficient:${pam_winbind}"
+ account="-account:sufficient:${pam_winbind}"
session="-session:required:${pam_mkhomedir}"
- password="-password:optional:${pam_krb5}"
+ password="-password:sufficient:${pam_winbind}"
do_pam_conf "${auth}" "${account}" "${session}" "${password}"
+ return $?
- auth="-auth:sufficient:${pam_ldap}"
- account="-account:sufficient:${pam_ldap}"
- session="-session:optional:${pam_krb5}"
- password="-password:required:${pam_ldap}"
-
- do_pam_conf "${auth}" "${account}" "${session}" "${password}"
- return $?
-
elif checkyesno ldapclient_enable 2>/dev/null
then
auth='-auth:sufficient:${pam_ldap}'
More information about the Commits
mailing list