[debian-edu-commits] r81433 - in branches/wheezy/debian-edu-config: cf debian share/debian-edu-config/tools
pere at alioth.debian.org
pere at alioth.debian.org
Sun Jul 7 07:43:38 UTC 2013
Author: pere
Date: 2013-07-07 07:43:37 +0000 (Sun, 07 Jul 2013)
New Revision: 81433
Modified:
branches/wheezy/debian-edu-config/cf/cf.krb5client
branches/wheezy/debian-edu-config/debian/changelog
branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
Log:
Switch kerberos setup (/etc/krb5.conf) to be generated during
installation using the SRV and TXT entries in DNS, to get
krb5-auth-dialog working on diskless workstations.
Modified: branches/wheezy/debian-edu-config/cf/cf.krb5client
===================================================================
--- branches/wheezy/debian-edu-config/cf/cf.krb5client 2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/cf/cf.krb5client 2013-07-07 07:43:37 UTC (rev 81433)
@@ -1,29 +1,10 @@
#
# Configure KRB5 client
#
-editfiles:
-
- debian.installation.!standalone::
-
- { /etc/krb5.conf
-
- BeginGroupIfNoLineMatching ' dns_lookup_kdc.*=.*true'
- HashCommentLinesMatching '.*dns_lookup_kdc.*=.*'
- LocateLineMatching '\[libdefaults\]'
- InsertLine ' dns_lookup_kdc = true'
- EndGroup
-
- ResetSearch "1"
-
- BeginGroupIfNoLineMatching ' dns_lookup_realm.*=.*true'
- HashCommentLinesMatching '.*dns_lookup_realm.*=.*'
- HashCommentLinesMatching '.*default_realm.*=.*'
- LocateLineMatching '\[libdefaults\]'
- InsertLine ' dns_lookup_realm = true'
- EndGroup
- }
-
shellcommands:
+ # setup-roaming generate its own krb5.conf, no need to do it here.
+ debian.installation.!standalone.!roaming::
+ "/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf"
debian.installation.!standalone.!roaming::
# Move away Squeeze krb5 pam config to allow us to provide a
@@ -38,3 +19,7 @@
debian.installation.!standalone.!roaming::
/usr/share/pam-configs/edu-krb5 ->! /usr/share/debian-edu-config/pam-config-krb5
+
+files:
+ debian.secondpass.!standalone::
+ /etc/krb5.conf mode=644 act=fixall
Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog 2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/debian/changelog 2013-07-07 07:43:37 UTC (rev 81433)
@@ -1,9 +1,12 @@
-debian-edu-config (1.709) unstable; urgency=low
+debian-edu-config (1.709~svn) UNRELEASED; urgency=low
[ Petter Reinholdtsen ]
* Extend setup-roaming to also generate krb5.conf dynamically, to
make sure kerberos work properly independent of where the client
is located and what it is named.
+ * Switch kerberos setup (/etc/krb5.conf) to be generated during
+ installation using the SRV and TXT entries in DNS, to get
+ krb5-auth-dialog working on diskless workstations.
-- Petter Reinholdtsen <pere at debian.org> Sun, 07 Jul 2013 09:12:49 +0200
Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config 2013-07-07 07:17:48 UTC (rev 81432)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config 2013-07-07 07:43:37 UTC (rev 81433)
@@ -171,12 +171,18 @@
dnsdomain=$(find_dns_domain "$1")
kerberosrealm=$(lookup_kerberos_realm $dnsdomain)
kerberosserver=$(lookup_kerberos_server "$dnsdomain")
+ error=0
if [ -z "$kerberosserver" ]; then
- # autodetection failed
- return 1
+ # autodetection failed, use defaults to avoid ending up with
+ # an empty file.
+ dnsdomain=intern
+ kerberosrealm=INTERN
+ kerberosserver=kerberos
+ error=1
fi
# setup content based on krb5-config version 2.3
cat <<EOF
+# Generated using $0 -k
[libdefaults]
default_realm = $kerberosrealm
@@ -230,7 +236,7 @@
krb4_get_tickets = false
EOF
-
+ return $error
}
if [ "-k" = "$1" ] ; then
More information about the debian-edu-commits
mailing list