Gentoo's Bugzilla – Attachment 869482 Details for
Bug 726050
sys-auth/pambase: add pam_sss from sssd
[patch]
Add sssd support
0001-Add-sssd-support.patch (text/plain), 5.34 KB, created by
Christopher Byrne
on 2023-09-03 16:46:03 UTC
Description:
Add sssd support
Filename:
MIME Type:
Creator:
Christopher Byrne
Created:
2023-09-03 16:46:03 UTC
Size:
5.34 KB
patch
obsolete
>From 91ad9c3f8f9e13ada4449c5eca0ccb181ca0fe1a Mon Sep 17 00:00:00 2001
>From: Christopher Byrne <salah.coronya@gmail.com>
>Date: Sun, 3 Sep 2023 11:32:19 -0500
>Subject: [PATCH] Add sssd support
>
>Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
>---
> pambase.py | 7 ++++++-
> templates/system-auth.tpl | 38 ++++++++++++++++++++++++++++++------
> templates/system-session.tpl | 4 ++++
> 3 files changed, 42 insertions(+), 7 deletions(-)
>
>diff --git a/pambase.py b/pambase.py
>index 3875e89..ceec8cb 100755
>--- a/pambase.py
>+++ b/pambase.py
>@@ -19,6 +19,7 @@ def main():
> parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
> parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
> parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
>+ parser.add_argument('--sssd', action="store_true", help='enable sssd.so module')
> parser.add_argument('--yescrypt', action="store_true", help='enable yescrypt option for pam_unix.so module')
> parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
> parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
>@@ -41,7 +42,8 @@ def process_args(args):
> "unix_authtok",
> "unix_extended_encryption",
> "likeauth",
>- "nullok"
>+ "nullok",
>+ "local_users_only"
> ]
>
> # create a blank dictionary
>@@ -62,6 +64,9 @@ def process_args(args):
> if args.krb5:
> output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
>
>+ if args.sssd:
>+ output["local_users_only"] = "local_users_only"
>+
> if args.yescrypt:
> output["unix_extended_encryption"] = "yescrypt shadow"
> elif args.sha512:
>diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
>index 9739b6f..570d968 100644
>--- a/templates/system-auth.tpl
>+++ b/templates/system-auth.tpl
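Review bot: In the first pambase.py hunk the new `--sssd` option's help text names `sssd.so`, but the templates in this patch load `pam_sss.so`, and the neighbouring options all name the real module file; `help='enable pam_sss.so module'` would match. The templates also branch on `sssd` itself, while the third hunk only sets `local_users_only`, so the flag presumably reaches the templates through code in `process_args` that lies outside these hunks, which is worth confirming. Both `main()` and `process_args()` continue beyond the visible lines.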
>@@ -7,34 +7,55 @@ auth sufficient pam_ssh.so
> auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ krb5_params }}
> {% endif %}
>
>+{% if sssd %}
>+auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
>+auth [default=3 ignore=ignore success=ok] pam_localuser.so
>+{% endif %}
>+
> auth requisite pam_faillock.so preauth
>+
> {% if homed %}
> auth [success=2 default=ignore] pam_systemd_home.so
> {% endif %}
>+
>+{% if sssd %}
>+auth sufficient pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }}
>+{% else %}
> auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
>+{% endif %}
> auth [default=die] pam_faillock.so authfail
>-
>+{% if sssd %}
>+auth sufficient pam_sss.so forward_pass {{ debug|default('', true) }}
>+{% endif %}
> {% if caps %}
> auth optional pam_cap.so
> {% endif %}
>-
>+{% if sssd %}
>+auth sufficient pam_deny.so
>+{% endif %}
> {% if krb5 %}
> account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
> {% endif %}
>
> {% if homed %}
>-account [success=1 default=ignore] pam_systemd_home.so
>+account [success={{ 2 if sssd else 1 }} default=ignore] pam_systemd_home.so
> {% endif %}
>
> account required pam_unix.so {{ debug|default('', true) }}
> account required pam_faillock.so
>+{% if sssd %}
>+account sufficient pam_localuser.so
>+account sufficient pam_usertype.so issystem
>+account [default=bad success=ok user_unknown=ignore] pam_sss.so {{ debug|default('', true) }}
>+account required pam_permit.so
>+{% endif %}
>
> {% if passwdqc %}
> password required pam_passwdqc.so config=/etc/security/passwdqc.conf
> {% endif %}
>
> {% if pwquality %}
>-password required pam_pwquality.so
>+password required pam_pwquality.so {{ local_users_only|default('', true ) }}
> {% endif %}
>
> {% if pwhistory %}
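Review bot: The closing `auth sufficient pam_deny.so` does not deny anything: a failing `sufficient` module is ignored, so when `pam_sss.so` rejects a directory user the auth stack can end with the earlier `success=ok` from `pam_usertype.so isregular` still standing. It should read `auth required pam_deny.so`, as the password stack in this same patch already does. Separately, `default=3` on the `pam_localuser.so` line is a fixed jump count: with `homed` enabled the extra `pam_systemd_home.so` line makes it land on `pam_faillock.so authfail` (`[default=die]`) instead of `pam_sss.so`, so it likely needs `default={{ 4 if homed else 3 }}` like the krb5 line above. That krb5 jump in turn appears not to account for the two lines inserted after it when `sssd` is on. Non-local users also skip both `pam_faillock.so` lines, so lockout for them would depend on sssd's own policy.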
>@@ -50,9 +71,14 @@ password [success=1 default=ignore] pam_systemd_home.so
> {% endif %}
>
> {% if passwdqc or pwquality %}
>-password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
>+password {{ 'sufficient' if sssd else 'required' }} pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
> {% else %}
>-password required pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
>+password {{ 'sufficient' if sssd else 'required' }} pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
>+{% endif %}
>+
>+{% if sssd %}
>+password sufficient pam_sss.so use_authtok
>+password required pam_deny.so
> {% endif %}
>
> {% if pam_ssh %}
>diff --git a/templates/system-session.tpl b/templates/system-session.tpl
>index 536db49..4c5585b 100644
>--- a/templates/system-session.tpl
>+++ b/templates/system-session.tpl
>@@ -13,3 +13,7 @@ session [success=1 default=ignore] pam_systemd_home.so
> {% endif %}
>
> session required pam_unix.so {{ debug|default('', true) }}
>+
>+{% if sssd %}
>+session optional pam_sss.so {{ debug|default('', true) }}
>+{% endif %}
>--
>2.41.0
>
Attachments on
bug 726050
: 869482 |
882661