SOURCES: partimaged-ssl.cnf (NEW), partimaged.pam (NEW), partimage...

Thu Apr 10 13:31:38 CEST 2008

Author: arekm                        Date: Thu Apr 10 11:31:38 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- pam and ssl support

---- Files affected:
SOURCES:
   partimaged-ssl.cnf (NONE -> 1.1)  (NEW), partimaged.pam (NONE -> 1.1)  (NEW), partimaged.init (1.9 -> 1.10) 

---- Diffs:

================================================================
Index: SOURCES/partimaged-ssl.cnf
diff -u /dev/null SOURCES/partimaged-ssl.cnf:1.1

--- /dev/null	Thu Apr 10 13:31:38 2008
+++ SOURCES/partimaged-ssl.cnf	Thu Apr 10 13:31:33 2008
@@ -0,0 +1,36 @@
+# Robin H. Johnson <robbat2 at gentoo.org> - October 17, 2003
+# This is the openssl config file to generate keys for partimage
+# It is read by mkservercert
+
+[ req ]
+# you can increase this value, but be aware that it will make things much slower
+# this should be a power of 2!
+default_bits = 1024
+# leave the rest of these alone!
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+# 2-Letter ISO country code
+C=US
+# FULL name of state/province/district
+# NO abbreviations!
+ST=Alabama
+# FULL name of city
+# NO abbreviations!
+L=Mobile
+# Full Name of your organization
+# NO abbreviations!
+O=Foobar Systems
+# Leave this alone unless specifically need to change it!
+OU=Automatically-generated PartImage SSL key
+# This should be a FQDN that resolves to the IP of your server
+CN=localhost
+# This should be the email address for the administrator of the server
+emailAddress=root at localhost
+
+# Leave this alone!
+[ cert_type ]
+nsCertType = server

================================================================
Index: SOURCES/partimaged.pam
diff -u /dev/null SOURCES/partimaged.pam:1.1
--- /dev/null	Thu Apr 10 13:31:38 2008
+++ SOURCES/partimaged.pam	Thu Apr 10 13:31:33 2008
@@ -0,0 +1,11 @@
+# PAM config file for Partimaged
+
+auth required pam_unix.so
+auth required pam_warn.so
+auth required pam_listfile.so \
+	onerr=fail item=user sense=allow \
+	file=/etc/partimaged/partimagedusers
+
+account    include      system-auth
+session    include      system-auth
+

================================================================
Index: SOURCES/partimaged.init
diff -u SOURCES/partimaged.init:1.9 SOURCES/partimaged.init:1.10
--- SOURCES/partimaged.init:1.9	Mon Dec 29 22:59:49 2003
+++ SOURCES/partimaged.init	Thu Apr 10 13:31:33 2008
@@ -33,6 +33,18 @@
 
 # See how we were called.
 case "$1" in
+  init)
+        echo "Generating private key: /etc/partimaged/partimaged.key"
+        openssl genrsa -out /etc/partimaged/partimaged.key 1024 && chmod 600 /etc/partimaged/partimaged.key
+
+        echo "Generating certificate request: /etc/partimaged/partimaged.csr"
+        openssl req -new -x509 -outform PEM -out /etc/partimaged/partimaged.csr \
+		-key /etc/partimaged/partimaged.key -config /etc/partimaged/partimaged.cnf
+
+        echo "Generating self-signed certificate: /etc/partimaged/partimaged.cert"
+        openssl x509 -in /etc/partimaged/partimaged.csr -out /etc/partimaged/partimaged.cert \
+		-signkey /etc/partimaged/partimaged.key && chmod 644 /etc/partimaged/partimaged.cert
+	;;
   start)
 	if [ ! -f /var/lock/subsys/partimaged ]; then
 		msg_starting partimaged
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/partimaged.init?r1=1.9&r2=1.10&f=u

