[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. 1f0fc1ecec3cce09294cfaefbb417107c3b8ccb6

Andreas B. Mundt andi.mundt at web.de
Fri Jan 27 15:09:05 UTC 2012 

The following commit has been merged in the master branch:
commit 1f0fc1ecec3cce09294cfaefbb417107c3b8ccb6
Author: Andreas B. Mundt <andi.mundt at web.de>
Date:   Fri Jan 27 16:05:14 2012 +0100

    Kerberize NFSv4 (sec=krb5i) by default.  Add magic that makes this
    work for diskless clients with no machine credentials (keytab).

diff --git a/fai/config/files/etc/ldap/autofs.ldif/SERVER_A b/fai/config/files/etc/ldap/autofs.ldif/SERVER_A
index f14ac4e..bcbc686 100644
--- a/fai/config/files/etc/ldap/autofs.ldif/SERVER_A
+++ b/fai/config/files/etc/ldap/autofs.ldif/SERVER_A
@@ -39,4 +39,4 @@ ou: auto.mainserver
 dn: cn=/,ou=auto.mainserver,ou=automount,dc=intern
 objectClass: automount
 cn: /
-automountInformation: -fstype=nfs4,sec=sys,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid mainserver.intern:/&
+automountInformation: -fstype=nfs4,sec=krb5i,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid mainserver.intern:/&
diff --git a/fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER b/fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER
index 0ca2774..6e169ae 100755
--- a/fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER
+++ b/fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER
@@ -4,7 +4,7 @@
 
 ## swap file and size (in MB):
 SWAP=$(mktemp)
-SIZE="128"
+SIZE="64"
 
 ## create swap file:
 dd if=/dev/zero of=$SWAP bs=1024k count=0 seek=$SIZE 2> /dev/null
diff --git a/fai/config/package_config/DISKLESS_CLIENT b/fai/config/package_config/DISKLESS_CLIENT
index 526c847..58a42bf 100644
--- a/fai/config/package_config/DISKLESS_CLIENT
+++ b/fai/config/package_config/DISKLESS_CLIENT
@@ -1,5 +1,6 @@
 PACKAGES aptitude
 nbd-client
+libpam-script
 
 lxde
 lxtask
diff --git a/fai/config/scripts/DISKLESS_CLIENT/20-server b/fai/config/scripts/DISKLESS_CLIENT/20-server
index 977fbf6..50c2994 100755
--- a/fai/config/scripts/DISKLESS_CLIENT/20-server
+++ b/fai/config/scripts/DISKLESS_CLIENT/20-server
@@ -22,7 +22,7 @@ append initrd=$INITRD ip=dhcp root=/dev/nfs nfsroot=/opt boot=live
 EOF
 else
 
-    echo "The template $TEMPLATE existes already!"
+    echo "The template $TEMPLATE exists already!"
 fi
 
 fai-chboot -vc diskless default
diff --git a/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5 b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
new file mode 100755
index 0000000..5f3fdf4
--- /dev/null
+++ b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+set -e
+
+FILE=${target}/usr/share/libpam-script/pam_script_auth
+
+ainsl ${target}/etc/default/nfs-common 'RPCGSSDOPTS="-n"'  
+ainsl ${target}/etc/pam.d/common-auth  'auth    optional  pam_script.so' 
+
+cat > $FILE <<EOF
+#!/bin/sh
+#
+set -e
+if [ \$PAM_USER = "root" ] || ls /tmp/krb5cc_diskless > /dev/null 2>&1; then
+    exit 0
+fi
+
+FILE=/tmp/krb5cc_diskless
+cp -v /tmp/krb5cc_pam_* \$FILE
+/etc/init.d/autofs restart > /dev/null
+
+exit 0
+EOF
+
+chmod 0755 $FILE

-- 
Debian-LAN development and packaging

More information about the debian-lan-devel mailing list