[debian-edu-commits] r81433 - in branches/wheezy/debian-edu-config: cf debian share/debian-edu-config/tools

pere at alioth.debian.org pere at alioth.debian.org
Sun Jul 7 07:43:38 UTC 2013


Author: pere
Date: 2013-07-07 07:43:37 +0000 (Sun, 07 Jul 2013)
New Revision: 81433

Modified:
   branches/wheezy/debian-edu-config/cf/cf.krb5client
   branches/wheezy/debian-edu-config/debian/changelog
   branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
Log:
Switch kerberos setup (/etc/krb5.conf) to be generated during
installation using the SRV and TXT entries in DNS, to get
krb5-auth-dialog working on diskless workstations.

Modified: branches/wheezy/debian-edu-config/cf/cf.krb5client
===================================================================
--- branches/wheezy/debian-edu-config/cf/cf.krb5client	2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/cf/cf.krb5client	2013-07-07 07:43:37 UTC (rev 81433)
@@ -1,29 +1,10 @@
 #
 # Configure KRB5 client
 #
-editfiles:
-
-    debian.installation.!standalone::
-
-        { /etc/krb5.conf
-
-            BeginGroupIfNoLineMatching '        dns_lookup_kdc.*=.*true'
-                   HashCommentLinesMatching '.*dns_lookup_kdc.*=.*'
-                   LocateLineMatching '\[libdefaults\]'
-                   InsertLine '        dns_lookup_kdc = true'
-            EndGroup
-
-            ResetSearch "1"
-
-            BeginGroupIfNoLineMatching '        dns_lookup_realm.*=.*true'
-                   HashCommentLinesMatching '.*dns_lookup_realm.*=.*'
-                   HashCommentLinesMatching '.*default_realm.*=.*'
-                   LocateLineMatching '\[libdefaults\]'
-                   InsertLine '        dns_lookup_realm = true'
-            EndGroup
-        }
-
 shellcommands:
+    # setup-roaming generate its own krb5.conf, no need to do it here.
+    debian.installation.!standalone.!roaming::
+	"/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf"
 
     debian.installation.!standalone.!roaming::
 	# Move away Squeeze krb5 pam config to allow us to provide a
@@ -38,3 +19,7 @@
 
     debian.installation.!standalone.!roaming::
         /usr/share/pam-configs/edu-krb5 ->! /usr/share/debian-edu-config/pam-config-krb5
+
+files:
+  debian.secondpass.!standalone::
+	/etc/krb5.conf mode=644 act=fixall

Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog	2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/debian/changelog	2013-07-07 07:43:37 UTC (rev 81433)
@@ -1,9 +1,12 @@
-debian-edu-config (1.709) unstable; urgency=low
+debian-edu-config (1.709~svn) UNRELEASED; urgency=low
 
   [ Petter Reinholdtsen ]
   * Extend setup-roaming to also generate krb5.conf dynamically, to
     make sure kerberos work properly independent of where the client
     is located and what it is named.
+  * Switch kerberos setup (/etc/krb5.conf) to be generated during
+    installation using the SRV and TXT entries in DNS, to get
+    krb5-auth-dialog working on diskless workstations.
 
  -- Petter Reinholdtsen <pere at debian.org>  Sun, 07 Jul 2013 09:12:49 +0200
 

Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config	2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config	2013-07-07 07:43:37 UTC (rev 81433)
@@ -171,12 +171,18 @@
     dnsdomain=$(find_dns_domain "$1")
     kerberosrealm=$(lookup_kerberos_realm $dnsdomain)
     kerberosserver=$(lookup_kerberos_server "$dnsdomain")
+    error=0
     if [ -z "$kerberosserver" ];  then
-	# autodetection failed
-	return 1
+	# autodetection failed, use defaults to avoid ending up with
+	# an empty file.
+	dnsdomain=intern
+	kerberosrealm=INTERN
+	kerberosserver=kerberos
+	error=1
     fi
     # setup content based on krb5-config version 2.3
 cat <<EOF
+# Generated using $0 -k
 [libdefaults]
 	default_realm = $kerberosrealm
 
@@ -230,7 +236,7 @@
 	krb4_get_tickets = false
 
 EOF
-
+	return $error
 }
 
 if [ "-k" = "$1" ] ; then




More information about the debian-edu-commits mailing list