[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye] 4 commits: share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service...
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Sun Jan 30 20:41:06 GMT 2022
Mike Gabriel pushed to branch bullseye at Debian Edu / debian-edu-config
Commits:
71074906 by Mike Gabriel at 2022-01-14T22:22:14+01:00
share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service principals if they don't yet exist. (Closes: #1002014).
- - - - -
f093a35e by Mike Gabriel at 2022-01-14T22:22:31+01:00
share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
- - - - -
4c9a9087 by Mike Gabriel at 2022-01-14T22:34:50+01:00
etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal network sent to root@<mynetwork-names>. (Closes: #1003727).
- - - - -
bb669429 by Mike Gabriel at 2022-01-14T22:52:27+01:00
share/debian-edu-config/tools/setup-freeradius-server: Fix integer comparison in run-by-root check. Script was not executable fully (not even as root).
- - - - -
5 changed files:
- debian/changelog
- etc/exim4/exim-ldap-server-v4.conf
- share/debian-edu-config/tools/gosa-create-host
- share/debian-edu-config/tools/gosa-modify-host
- share/debian-edu-config/tools/setup-freeradius-server
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,19 @@
+debian-edu-config (2.11.56+deb11u3) UNRELEASED; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
+ network sent to root@<mynetwork-names>. (Closes: #1003727).
+
+ [ Mike Gabriel ]
+ * share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
+ principals if they don't yet exist. (Closes: #1002014).
+ * share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
+ * share/debian-edu-config/tools/setup-freeradius-server: Fix integer
+ comparison in run-by-root check. Script was not executable fully (not even
+ as root).
+
+ -- Mike Gabriel <sunweaver at debian.org> Fri, 14 Dec 2021 22:21:50 +0100
+
debian-edu-config (2.11.56+deb11u2) bullseye; urgency=medium
[ Mike Gabriel ]
=====================================
etc/exim4/exim-ldap-server-v4.conf
=====================================
@@ -204,6 +204,7 @@ begin acl
# ACL that is used after the RCPT command
acl_check_rcpt:
accept local_parts = postmaster
+ accept local_parts = root
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
=====================================
share/debian-edu-config/tools/gosa-create-host
=====================================
@@ -33,7 +33,7 @@ find_fqdn() {
}
}
-## lookup user and create home directory and principal:
+## lookup host and create host/<host> and nfs/<host> Krb5 principals:
ldapsearch -xLLL "(&(cn=$HOSTNAME)(|(objectClass=GOHard)(|(objectClass=ipHost))))" \
cn ipHostNumber macAddress 2>/dev/null | perl -p00e 's/\r?\n //g' | \
while read KEY VALUE ; do
=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -7,11 +7,19 @@ set -ex
HOST="$1"
-kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
-kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
-logger -t gosa-modify-host -p notice Krb5 principals and keytab file for host \'$HOST\' created.
+# This is only for kerberizing host entries in LDAP stemming from earlier installations
+# of Debian Edu... Normally, host and service principals should have been created
+# by the gosa-host-create hook script.
+if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null | grep -q "^Principal: host/$HOST.intern at .*"; then
+ kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
+ kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+ logger -t gosa-modify-host -p notice Krb5 host principal \'host/$HOST.intern\' created and added to host-specific keytab file.
+fi
+if ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null | grep -q "^Principal: nfs/$HOST.intern at .*"; then
+ kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
+ kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+ logger -t gosa-modify-host -p notice Krb5 service principal \'nfs/$HOST.intern\' created and added to host-specific keytab file.
+fi
# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
=====================================
share/debian-edu-config/tools/setup-freeradius-server
=====================================
@@ -28,7 +28,7 @@ echo "-------------------------------------------------------------------------"
fi
# Check execute permission.
-if [ ! -d $DIRNAME ] && [ $(id -u) > 0 ]; then
+if [ ! -d $DIRNAME ] && [ $(id -u) -gt 0 ]; then
echo "Please run $0 as root or use sudo, exiting."
exit 0
fi
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/cb54f387c0ad043fbce8e612e46e3b5c2f2b1d6f...bb669429dc3c803a64adeae3b1496f869dca7f38
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/cb54f387c0ad043fbce8e612e46e3b5c2f2b1d6f...bb669429dc3c803a64adeae3b1496f869dca7f38
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220130/e84045c7/attachment-0001.htm>
More information about the debian-edu-commits
mailing list