packages: smbldap-tools/smbldap-tools-krb5.patch, smbldap-tools/smbldap-too...
baggins
baggins at pld-linux.org
Thu Jun 25 22:55:39 CEST 2009
Author: baggins Date: Thu Jun 25 20:55:39 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 4
- properly handle K5KEY hash type (meaning password is stored as kerberos key)
- add basic kerberos settings on account creation
---- Files affected:
packages/smbldap-tools:
smbldap-tools-krb5.patch (1.2 -> 1.3) , smbldap-tools.spec (1.27 -> 1.28)
---- Diffs:
================================================================
Index: packages/smbldap-tools/smbldap-tools-krb5.patch
diff -u packages/smbldap-tools/smbldap-tools-krb5.patch:1.2 packages/smbldap-tools/smbldap-tools-krb5.patch:1.3
--- packages/smbldap-tools/smbldap-tools-krb5.patch:1.2 Thu Jun 25 10:47:50 2009
+++ packages/smbldap-tools/smbldap-tools-krb5.patch Thu Jun 25 22:55:33 2009
@@ -16,11 +16,41 @@
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
-Only in smbldap-tools-0.9.6-krb5: smbldap.conf~
diff -ur smbldap-tools-0.9.6/smbldap-useradd smbldap-tools-0.9.6-krb5/smbldap-useradd
--- smbldap-tools-0.9.6/smbldap-useradd 2009-06-22 16:19:38.853899020 +0200
+++ smbldap-tools-0.9.6-krb5/smbldap-useradd 2009-06-22 16:37:34.637118213 +0200
-@@ -547,21 +547,44 @@
+@@ -384,6 +384,12 @@
+ # add posix account first
+ my $add;
+
++my $userPass;
++if ($config{hash_encrypt} eq "K5KEY" )) {
++ $userPass = "{K5KEY}";
++} else {
++ $userPass = "{crypt}x";
++}
+ # if AIX account, inetOrgPerson obectclass can't be used
+ if ( defined( $Options{'b'} ) ) {
+ $add = $ldap_master->add(
+@@ -402,7 +408,7 @@
+ 'homeDirectory' => "$userHomeDirectory",
+ 'loginShell' => "$config{userLoginShell}",
+ 'gecos' => "$config{userGecos}",
+- 'userPassword' => "{crypt}x"
++ 'userPassword' => "$userPass"
+ ]
+ );
+ }
+@@ -424,7 +430,7 @@
+ 'homeDirectory' => "$userHomeDirectory",
+ 'loginShell' => "$config{userLoginShell}",
+ 'gecos' => "$config{userGecos}",
+- 'userPassword' => "{crypt}x"
++ 'userPassword' => "$userPass"
+ ]
+ );
+ }
+@@ -547,21 +547,47 @@
$valacctflags = "$tmp";
}
@@ -57,7 +87,10 @@
+ add => [ objectClass => 'krb5Principal' ],
+ add => [ objectClass => 'krb5KDCEntry' ],
+ add => [ krb5PrincipalName => "$userName\@$config{KERBEROS_REALM}" ],
-+ add => [ krb5KeyVersionNumber => '0' ]
++ add => [ krb5KeyVersionNumber => '0' ],
++ add => [ krb5KDCFlags => '126'],
++ add => [ krb5MaxRenew => '604800'],
++ add => [ krb5MaxLife => '86400']
+ ]
+ );
+ } else {
@@ -80,3 +113,16 @@
$modify->code && die "failed to add entry: ", $modify->error;
+--- smbldap-tools-0.9.6/smbldap-passwd.orig 2009-06-25 22:40:05.764901892 +0200
++++ smbldap-tools-0.9.6/smbldap-passwd 2009-06-25 22:49:03.906899121 +0200
+@@ -77,6 +77,10 @@
+ }
+ }
+
++if ($config{hash_encrypt} eq "K5KEY" )) {
++ die "Refusing to mess with Kerberos passwords/keys,\nuse smbpasswd, kpasswd or pam passwd\n";
++}
++
+ if (!defined($user)) {
+ $user = getpwuid($<); # $user=$ENV{"USER"};
+ }
================================================================
Index: packages/smbldap-tools/smbldap-tools.spec
diff -u packages/smbldap-tools/smbldap-tools.spec:1.27 packages/smbldap-tools/smbldap-tools.spec:1.28
--- packages/smbldap-tools/smbldap-tools.spec:1.27 Thu Jun 25 11:52:57 2009
+++ packages/smbldap-tools/smbldap-tools.spec Thu Jun 25 22:55:33 2009
@@ -10,7 +10,7 @@
Name: smbldap-tools
Version: 0.9.6
# Despite name-ver file this is REALLY a pre1 release
-Release: 0.pre1.3
+Release: 0.pre1.4
License: GPL
Group: Applications/Networking
URL: https://gna.org/projects/smbldap-tools/
@@ -87,6 +87,11 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.28 2009/06/25 20:55:33 baggins
+- rel 4
+- properly handle K5KEY hash type (meaning password is stored as kerberos key)
+- add basic kerberos settings on account creation
+
Revision 1.27 2009/06/25 09:52:57 baggins
- do not package junk
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/smbldap-tools/smbldap-tools-krb5.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/smbldap-tools/smbldap-tools.spec?r1=1.27&r2=1.28&f=u
More information about the pld-cvs-commit
mailing list