| 1 |
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files |
| 2 |
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth 2005-11-20 21:28:07.000000000 -0700 |
| 3 |
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2010-11-01 08:23:30.000000000 -0600 |
| 4 |
@@ -1,6 +1,6 @@ |
| 5 |
-passwd: files |
| 6 |
-shadow: files |
| 7 |
-group: files |
| 8 |
+passwd: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' } |
| 9 |
+shadow: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' } |
| 10 |
+group: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' } |
| 11 |
hosts: { ($AccessType eq "off") ? "files" : "files dns" } |
| 12 |
services: files |
| 13 |
networks: files |
| 14 |
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth |
| 15 |
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth 2008-03-26 10:49:00.000000000 -0600 |
| 16 |
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2010-11-01 08:31:11.000000000 -0600 |
| 17 |
@@ -10,5 +10,10 @@ auth required pam_env.so |
| 18 |
$OUT .= "auth required pam_abl.so config=/etc/security/pam_abl.conf"; |
| 19 |
} |
| 20 |
auth sufficient pam_unix.so likeauth nullok |
| 21 |
+{ |
| 22 |
+ my $status = $ldap{Authentication} || 'disabled'; |
| 23 |
+ return unless $status eq 'enabled'; |
| 24 |
+ $OUT .= "auth sufficient pam_ldap.so use_first_pass"; |
| 25 |
+} |
| 26 |
auth required pam_deny.so |
| 27 |
|
| 28 |
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account |
| 29 |
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth 2008-03-26 10:49:00.000000000 -0600 |
| 30 |
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2010-11-01 08:27:52.000000000 -0600 |
| 31 |
@@ -1,5 +1,10 @@ |
| 32 |
account required pam_unix.so broken_shadow |
| 33 |
account sufficient pam_succeed_if.so uid < 100 quiet |
| 34 |
+{ |
| 35 |
+ my $status = $ldap{Authentication} || 'disabled'; |
| 36 |
+ return unless $status eq 'enabled'; |
| 37 |
+ $OUT .= "account [default=bad success=ok user_unknown=ignore] pam_ldap.so"; |
| 38 |
+} |
| 39 |
account required pam_permit.so |
| 40 |
{ |
| 41 |
my $status = $pam_tally{status} || 'disabled'; |
| 42 |
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password |
| 43 |
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth 2008-03-26 10:49:00.000000000 -0600 |
| 44 |
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2010-11-01 08:30:37.000000000 -0600 |
| 45 |
@@ -1,3 +1,8 @@ |
| 46 |
password sufficient pam_unix.so nullok md5 shadow |
| 47 |
+{ |
| 48 |
+ my $status = $ldap{Authentication} || 'disabled'; |
| 49 |
+ return unless $status eq 'enabled'; |
| 50 |
+ $OUT .= "password sufficient pam_ldap.so use_authtok"; |
| 51 |
+} |
| 52 |
password required pam_deny.so |
| 53 |
|
| 54 |
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session |
| 55 |
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth 2008-03-26 10:49:00.000000000 -0600 |
| 56 |
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2010-11-01 08:30:19.000000000 -0600 |
| 57 |
@@ -1,2 +1,7 @@ |
| 58 |
session required pam_limits.so |
| 59 |
session required pam_unix.so |
| 60 |
+{ |
| 61 |
+ my $status = $ldap{Authentication} || 'disabled'; |
| 62 |
+ return unless $status eq 'enabled'; |
| 63 |
+ $OUT .= "session optional pam_ldap.so"; |
| 64 |
+} |
| 65 |
|
| 66 |
diff -up e-smith-base-5.2.0/createlinks.enable-cpu e-smith-base-5.2.0/createlinks |
| 67 |
--- e-smith-base-5.2.0/createlinks.enable-cpu 2010-11-01 10:00:03.000000000 -0600 |
| 68 |
+++ e-smith-base-5.2.0/createlinks 2010-11-01 10:01:53.000000000 -0600 |
| 69 |
@@ -316,7 +316,6 @@ |
| 70 |
templates2events("/etc/smartd.conf", $event); |
| 71 |
templates2events("/home/e-smith/ssl.pem/pem", $event); |
| 72 |
event_link("rmmod-bonding", $event, "10"); |
| 73 |
-event_link("user-lock-passwd", $event, "15"); |
| 74 |
event_link("set-hostname", $event, "10"); |
| 75 |
event_link("conf-modules", $event, "30"); |
| 76 |
event_link("conf-startup", $event, "60"); |
| 77 |
@@ -324,6 +323,14 @@ |
| 78 |
event_link("init-reload", $event, "90"); |
| 79 |
event_link("reset-unsavedflag", $event, "95"); |
| 80 |
|
| 81 |
+#-------------------------------------------------- |
| 82 |
+# actions for bootstrap-ldap-save |
| 83 |
+#-------------------------------------------------- |
| 84 |
+$event = "bootstrap-ldap-save"; |
| 85 |
+ |
| 86 |
+templates2events("/etc/nsswitch.conf", $event); |
| 87 |
+templates2events("/etc/pam.d/system-auth", $event); |
| 88 |
+event_link("user-lock-passwd", $event, "15"); |
| 89 |
|
| 90 |
#-------------------------------------------------- |
| 91 |
# actions for group-create event |
Parent Directory
| 
Revision Log
| 
Revision Graph
