From a3e27219edd1c77fe9831d4eac1d7310f8afdd06 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 23 Mar 2020 17:01:45 -0400 Subject: fix sssd.conf and improve packaging fix #1 post-install needs to chmod 0600 sssd.conf add sssd.conf.in template add make-dsc-for-obs script bump version to 0.0.2 --- src/Makefile | 5 +++-- src/usr/sbin/freeipa-helper-post-install | 7 ++++++ src/usr/share/freeipa-helper/sssd.conf.in | 36 +++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 src/usr/share/freeipa-helper/sssd.conf.in (limited to 'src') diff --git a/src/Makefile b/src/Makefile index c48eefa..a328501 100644 --- a/src/Makefile +++ b/src/Makefile @@ -13,7 +13,7 @@ # Dependencies: APPNAME = freeipa-helper -APPVERSION = 0.0.1 +APPVERSION = 0.0.2 SRCDIR = $(CURDIR) prefix = /usr SYSCONFDIR = $(DESTDIR)/etc @@ -56,8 +56,9 @@ deplist_opts: install: @${echobin} Installing files to ${DESTDIR} - ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} + ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} ${APPDIR} ${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/* + ${installbin} -m 0644 -t ${APPDIR} ${SRCDIR}/usr/share/${APPNAME}/* test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install index e9b61b2..8baa604 100755 --- a/src/usr/sbin/freeipa-helper-post-install +++ b/src/usr/sbin/freeipa-helper-post-install 
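Review bot: The new `-t ${APPDIR}` install line depends on `${APPDIR}`, whose definition is not visible in this hunk, while the post-install script in the same commit reads the template from the hard-coded path `/usr/share/freeipa-helper/sssd.conf.in`. If APPDIR ever resolves elsewhere (a different prefix, for instance), the script would `cat` a missing file and still write sssd.conf. Because that script passes the template through `eval`, presumably as root given its `sudo` usage line, everything matched by `${SRCDIR}/usr/share/${APPNAME}/*` becomes shell input at post-install time. I would add a comment above the line such as `# files here are eval'd by freeipa-helper-post-install; keep them root-owned and not group/world-writable`. The install recipe continues past the end of the hunk.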
@@ -7,10 +7,12 @@ # Purpose: Turn my configs into a one-liner # History: # 2020-03-11 contents ripped entirely from devuan.txt +# 2020-03-23 add sssd.conf templating # Usage: # sudo freeipa-helper-post-install # References: # /mnt/public/Support/Platforms/devuan/devuan.txt +# almost-bashism for templating from file https://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash/60820800#60820800 # Improve: # Dependencies: # raw: /usr/share/bgconf/confs/kerberos/kerberos.sh @@ -22,5 +24,10 @@ tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( # set dns_canonicalize_hostname = true sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true' test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh +eval "cat </etc/sssd/sssd.conf +$( cat /usr/share/freeipa-helper/sssd.conf.in ) +EOF +" +chmod 0600 /etc/sssd/sssd.conf service sssd stop ; service sssd start service ssh stop ; service ssh start diff --git a/src/usr/share/freeipa-helper/sssd.conf.in b/src/usr/share/freeipa-helper/sssd.conf.in new file mode 100644 index 0000000..2ab626f --- /dev/null +++ b/src/usr/share/freeipa-helper/sssd.conf.in @@ -0,0 +1,36 @@ +[domain/$( hostname --domain )] + +debug_level = 1 +id_provider = ipa +ipa_server = _srv_, $( hostname --domain ) +ipa_domain = $( hostname --domain ) +ipa_hostname = $( hostname --fqdn ) +auth_provider = ipa +chpass_provider = ipa +access_provider = ipa +cache_credentials = True +ldap_tls_cacert = /etc/ipa/ca.crt +krb5_store_password_if_offline = True +[sssd] +services = nss, pam, ssh, sudo + +domains = $( hostname --domain ) +[nss] +homedir_substring = /home + +[pam] + +[sudo] + +[autofs] + +[ssh] + +[pac] + +[ifp] + +[secrets] + +[session_recording] + -- cgit
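Review bot: The added block creates /etc/sssd/sssd.conf under the caller's umask and only tightens it afterwards with `chmod 0600`, and it overwrites the live file in place without checking that the template expanded to anything usable. If `hostname --domain` prints nothing, the result carries `[domain/]` and an empty `domains =`, and sssd is then restarted on it. I would check the domain first, build the file in a 0600 temporary file next to the target and `mv` it into place, as sketched below. The neighbouring lines call `sudo` explicitly while these do not, so the block appears to assume the whole script already runs as root, which is worth confirming. The redirection as rendered on this page (`cat </etc/sssd/sssd.conf`) looks like a heredoc whose `<<EOF >` was lost in extraction; the sketch assumes that form.

```shell
# … unchanged: kerberos.sh call …
domain="$( hostname --domain )"
test -n "${domain}" || { echo "hostname --domain is empty; not writing sssd.conf" 1>&2 ; exit 1 ; }
tmpfile="$( mktemp /etc/sssd/sssd.conf.XXXXXX )" || exit 1   # mktemp creates the file 0600
eval "cat <<EOF >\"${tmpfile}\"
$( cat /usr/share/freeipa-helper/sssd.conf.in )
EOF
"
mv -f "${tmpfile}" /etc/sssd/sssd.conf
# … unchanged: service sssd / ssh restarts …
```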
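Review bot: Nothing in this template says that it is not plain sssd configuration: freeipa-helper-post-install feeds it through `eval` inside a heredoc, so every `$( … )`, backtick, shell variable reference and backslash in it is interpreted by the shell. I would open the file with a comment such as `# Expanded by freeipa-helper-post-install via eval; shell metacharacters in this file are executed, escape literal ones`, so that a later editor does not introduce one by accident. `cache_credentials = True` and `krb5_store_password_if_offline = True` keep credential material on the host for offline logins (a hashed copy in the local cache and, while offline, the password in the kernel keyring). A one-line comment stating that this is intended for these clients would help whoever audits the deployed file.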