blob: 8a2d036a4c0f4898f11909a92ed45e8f0fcd2fed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
krb5-auth-dialog is a simple dialog that monitors kerberos tickets, and
pops up a dialog when they are about to expire. Eventually, we expect
it to be part of GNOME.
Configuration
=============
Configuration settings are handled via gsettings.
You can set the principal that is used to acquire tickets via:
gsettings set org.gnome.KrbAuthDialog principal "principal@YOUR.REALM"
You can set the time of the first password prompt via:
gsettings set org.gnome.KrbAuthDialog prompt-minutes 30
You can set the principals pkinit identifier via:
gsettings set org.gnome.KrbAuthDialog pk-userid "FILE:/path/to/user.pem,/path/to/user.key"
or if you're using a smartcard:
gsettings set org.gnome.KrbAuthDialog pk-userid "PKCS11:/usr/lib/opensc/opensc-pkcs11.so"
DBus API
========
You can request a ticket granting ticket via DBus:
dbus-send --print-reply --type=method_call \
--dest=org.gnome.KrbAuthDialog \
/org/gnome/KrbAuthDialog \
org.gnome.KrbAuthDialog.acquireTgt \
string:'principal'
If the sent principal doesn't match the one currently in the ticket cache the
request fails. To request a TGT for the "default" principal use string:''.
See examples/tgt-signals.py for information about sent DBus signals.
Plugins
=======
Plugins are currently disabled by default. Individual plugins can be enabled via gsettings:
Enable pam and dummy plugions:
.
You can set the principal that is used to acquire tickets via:
gsettings set org.gnome.KrbAuthDialog principal "principal@YOUR.REALM"
You can set the time of the first password prompt via:
gsettings set org.gnome.KrbAuthDialog prompt-minutes 30
You can set the principals pkinit identifier via:
gsettings set org.gnome.KrbAuthDialog pk-userid "FILE:/path/to/user.pem,/path/to/user.key"
or if you're using a smartcard:
gsettings set org.gnome.KrbAuthDialog pk-userid "PKCS11:/usr/lib/opensc/opensc-pkcs11.so"
DBus API
========
You can request a ticket granting ticket via DBus:
dbus-send --print-reply --type=method_call \
--dest=org.gnome.KrbAuthDialog \
/org/gnome/KrbAuthDialog \
org.gnome.KrbAuthDialog.acquireTgt \
string:'principal'
If the sent principal doesn't match the one currently in the ticket cache the
request fails. To request a TGT for the "default" principal use string:''.
See examples/tgt-signals.py for information about sent DBus signals.
Plugins
=======
Plugins are currently disabled by default. Individual plugins can be enabled via gsettings:
Enable pam and dummy plugions:
gsettings set org.gnome.KrbAuthDialog.plugins enabled "['pam', 'dummy']"
To list currently enabled plugins:
gsettings get org.gnome.KrbAuthDialog.plugins enabled
A Note on Translations
======================
Kerberos doesn't translate either its prompts or its error messages.
As the prompt is very visible, we need to translate it externally. To
do this, the etpo binary in etpo/ can be used to extract the public
strings that kerberos uses. We are checking that in for now, until
kerberos gets translated.
If your language doesn't have a translation yet and you want to provide one do a
cd po; make krb5-auth-dialog.pot
in the unpacked source tree to get a template of translatable strings.
|
