1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
From d8f2ad281d0790f2ad8ccc4265c711c68bd2f9c8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 28 Jul 2016 11:04:36 +0200
Subject: [PATCH] Adapt to Arch Linux
---
Makefile.am | 5 +--
authinfo.py | 51 ++++++----------------------
man/en/Makefile.am | 2 +-
man/en/authconfig.8 | 8 ++---
man/en/system-auth-ac.5 | 20 ++---------
man/en/{postlogin-ac.5 => system-login-ac.5} | 0
6 files changed, 20 insertions(+), 66 deletions(-)
rename man/en/{postlogin-ac.5 => system-login-ac.5} (100%)
diff --git a/Makefile.am b/Makefile.am
index e12373a697e822c22a738dcd7b1a6be46fa0289d..f1339da39055c7206b88070ad14627848619a7ad 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,10 +25,7 @@ install-data-local:
mkdir -p $(DESTDIR)/$(backupdir)
touch $(DESTDIR)/$(sysconfigdir)/authconfig
touch $(DESTDIR)/$(pamdir)/system-auth-ac
- touch $(DESTDIR)/$(pamdir)/password-auth-ac
- touch $(DESTDIR)/$(pamdir)/fingerprint-auth-ac
- touch $(DESTDIR)/$(pamdir)/smartcard-auth-ac
- touch $(DESTDIR)/$(pamdir)/postlogin-ac
+ touch $(DESTDIR)/$(pamdir)/system-login-ac
uninstall-local:
$(RM) $(DESTDIR)/$(bindir)/authconfig
diff --git a/authinfo.py b/authinfo.py
index 1203a71114d0b700ff57802ece89b4a3e5351572..36e38418213c5c074178b8398ede8ade106d4c09 100644
--- a/authinfo.py
+++ b/authinfo.py
@@ -60,8 +60,8 @@ SYSCONFDIR = "/etc"
AUTH_PAM_SERVICE = "system-auth"
AUTH_PAM_SERVICE_AC = "system-auth-ac"
-POSTLOGIN_PAM_SERVICE = "postlogin"
-POSTLOGIN_PAM_SERVICE_AC = "postlogin-ac"
+POSTLOGIN_PAM_SERVICE = "system-login"
+POSTLOGIN_PAM_SERVICE_AC = "system-login-ac"
PASSWORD_AUTH_PAM_SERVICE = "password-auth"
PASSWORD_AUTH_PAM_SERVICE_AC = "password-auth-ac"
@@ -75,7 +75,7 @@ SMARTCARD_AUTH_PAM_SERVICE_AC = "smartcard-auth-ac"
SSSD_AUTHCONFIG_DOMAIN = "default"
if "lib64" in str(globals()["acutil"]):
- LIBDIR = "/usr/lib64"
+ LIBDIR = "/lib64"
else:
- LIBDIR = "/usr/lib"
+ LIBDIR = "/lib"
@@ -994,9 +994,6 @@ class SafeFile:
self.file.flush()
os.fsync(self.file.fileno())
os.rename(self.file.name, self.filename)
- if self.missing:
- call(["/usr/sbin/restorecon", self.filename],
- stderr=os.open('/dev/null', os.O_WRONLY))
def close(self):
# we may have renamed the temp file, need to catch OSError
@@ -1086,13 +1083,6 @@ class FileBackup:
if rv and os.path.isfile(backuppath):
rv = self.safeCopy(backuppath, self.origPath)
- try:
- if rv:
- call(["/usr/sbin/restorecon", self.origPath],
- stderr=os.open('/dev/null', os.O_WRONLY))
- except (IOError, OSError):
- pass
-
return rv
def readCache():
@@ -1163,8 +1153,8 @@ class CacheBackup(FileBackup):
# indexes for the configs
(CFG_YP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE,
- CFG_PAM, CFG_POSTLOGIN_PAM, CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
- CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 28))
+ CFG_PAM, CFG_POSTLOGIN_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
+ CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 25))
all_configs = [
FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),
FileBackup("nss_ldap.conf", SYSCONFDIR+"/nss_ldap.conf"),
@@ -1178,12 +1168,9 @@ all_configs = [
FileBackup("nsswitch.conf", SYSCONFDIR+"/nsswitch.conf"),
CacheBackup("cacheenabled.conf", ""),
FileBackup("system-auth-ac", SYSCONFDIR+"/pam.d/"+AUTH_PAM_SERVICE_AC),
- FileBackup("postlogin-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
- FileBackup("password-auth-ac", SYSCONFDIR+"/pam.d/"+PASSWORD_AUTH_PAM_SERVICE_AC),
- FileBackup("fingerprint-auth-ac", SYSCONFDIR+"/pam.d/"+FINGERPRINT_AUTH_PAM_SERVICE_AC),
- FileBackup("smartcard-auth-ac", SYSCONFDIR+"/pam.d/"+SMARTCARD_AUTH_PAM_SERVICE_AC),
- FileBackup("authconfig", SYSCONFDIR+"/sysconfig/authconfig"),
- FileBackup("network", SYSCONFDIR+"/sysconfig/network"),
+ FileBackup("system-login-ac", SYSCONFDIR+"/pam.d/"+POSTLOGIN_PAM_SERVICE_AC),
+ FileBackup("authconfig", SYSCONFDIR+"/conf.d/authconfig"),
+ FileBackup("nisdomainname", SYSCONFDIR+"/nisdomainname"),
FileBackup("libuser.conf", SYSCONFDIR+"/libuser.conf"),
FileBackup("pwquality.conf", SYSCONFDIR+"/security/pwquality.conf"),
FileBackup("login.defs", SYSCONFDIR+"/login.defs"),
@@ -2263,7 +2250,7 @@ class AuthInfo:
except IOError:
return False
- tmp = shv.getValue("NISDOMAIN")
+ tmp = shv.getValue("NISDOMAINNAME")
if tmp:
self.nisLocalDomain = tmp
@@ -3661,8 +3648,7 @@ class AuthInfo:
pass
def checkPAMLinked(self):
- for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE, PASSWORD_AUTH_PAM_SERVICE,
- FINGERPRINT_AUTH_PAM_SERVICE, SMARTCARD_AUTH_PAM_SERVICE]:
+ for dest in [AUTH_PAM_SERVICE, POSTLOGIN_PAM_SERVICE]:
dest = SYSCONFDIR + "/pam.d/" + dest
f = os.path.isfile(dest)
l = os.path.islink(dest)
@@ -3745,9 +3731,6 @@ class AuthInfo:
self.module_missing = {}
self.writePAMService(STANDARD, CFG_PAM, AUTH_PAM_SERVICE_AC, AUTH_PAM_SERVICE)
self.writePAMService(POSTLOGIN, CFG_POSTLOGIN_PAM, POSTLOGIN_PAM_SERVICE_AC, POSTLOGIN_PAM_SERVICE)
- self.writePAMService(PASSWORD_ONLY, CFG_PASSWORD_PAM, PASSWORD_AUTH_PAM_SERVICE_AC, PASSWORD_AUTH_PAM_SERVICE)
- self.writePAMService(FINGERPRINT, CFG_FINGERPRINT_PAM, FINGERPRINT_AUTH_PAM_SERVICE_AC, FINGERPRINT_AUTH_PAM_SERVICE)
- self.writePAMService(SMARTCARD, CFG_SMARTCARD_PAM, SMARTCARD_AUTH_PAM_SERVICE_AC, SMARTCARD_AUTH_PAM_SERVICE)
return True
def writeSysconfig(self):
@@ -3794,7 +3777,7 @@ class AuthInfo:
except IOError:
return False
- shv.setValue("NISDOMAIN", self.nisDomain)
+ shv.setValue("NISDOMAINNAME", self.nisDomain)
shv.write(0o644)
shv.close()
@@ -4056,7 +4039,6 @@ class AuthInfo:
if not nostart:
os.system("/bin/domainname " + self.nisDomain)
try:
- os.system("[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1")
os.stat(PATH_RPCBIND)
Service.enable("rpcbind")
if not nostart:
@@ -4075,7 +4057,6 @@ class AuthInfo:
if not nostart:
os.system("/bin/domainname \"(none)\"")
try:
- os.system("[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0")
os.stat(PATH_YPBIND)
if not nostart:
try:
@@ -4092,16 +4073,6 @@ class AuthInfo:
not self.implicitSSSD,
PATH_NSLCD,
"nslcd", nostart)
- if self.enableLDAP:
- try:
- os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1")
- except OSError:
- pass
- else:
- try:
- os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0")
- except OSError:
- pass
return True
def toggleWinbindService(self, nostart):
diff --git a/man/en/Makefile.am b/man/en/Makefile.am
index c4fa4408b68f3df2faf49ad9553d4edc6c66ae02..473afcac11af95fed1ae30dbf91b098f37d186a9 100644
--- a/man/en/Makefile.am
+++ b/man/en/Makefile.am
@@ -1,3 +1,3 @@
man8_MANS = authconfig.8 cacertdir_rehash.8
-man5_MANS = system-auth-ac.5 fingerprint-auth-ac.5 password-auth-ac.5 smartcard-auth-ac.5 postlogin-ac.5
+man5_MANS = system-auth-ac.5 system-login-ac.5
EXTRA_DIST = $(man8_MANS) $(man5_MANS)
diff --git a/man/en/authconfig.8 b/man/en/authconfig.8
index 7338dc8d12de3484982cc3dfc29fd841be6d9890..ae93aa5b4f2fda383c3d9aa5c41a4a3868883af5 100644
--- a/man/en/authconfig.8
+++ b/man/en/authconfig.8
@@ -11,7 +11,7 @@ authconfig, authconfig-tui \- an interface for configuring system authentication
.in -7
.SH DESCRIPTION
\fBauthconfig\fR provides a simple method of configuring
-/etc/sysconfig/network to handle NIS, as well as /etc/passwd and
+/etc/nisdomainname to handle NIS, as well as /etc/passwd and
/etc/shadow, the files used for shadow password support. Basic LDAP,
Kerberos 5, and Winbind client configuration is also provided.
@@ -70,7 +70,7 @@ Kerberos (\fB--enablekrb5\fR) for authentication.
In case \fISSSD\fR does not support some feature of the legacy services that are
required for the site configuration, the use of the legacy services can be forced
-by setting FORCELEGACY=yes in \fB/etc/sysconfig/authconfig\fP.
+by setting FORCELEGACY=yes in \fB/etc/conf.d/authconfig\fP.
The list of options mentioned here in the manual page is not exhaustive, please
refer to \fBauthconfig --help\fR for the complete list of the options.
@@ -109,7 +109,7 @@ fails on \fB--update\fR action, 7 if Winbind domain join fails.
.PD 0
.TP
.TP
-.FN /etc/sysconfig/authconfig
+.FN /etc/conf.d/authconfig
Used to track whether or not particular authentication mechanisms are enabled.
Currently includes variables named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH,
USEWINBIND, USEWINBINDAUTH, USENIS, USELDAP, and others.
@@ -122,7 +122,7 @@ Used for shadow password support.
.FN /etc/yp.conf
Configuration file for NIS support.
.TP
-.FN /etc/sysconfig/network
+.FN /etc/nisdomainname
Another configuration file for NIS support.
.TP
.FN /etc/ldap.conf
diff --git a/man/en/system-auth-ac.5 b/man/en/system-auth-ac.5
index 8c55e1956afaade9e8317ae73839c0d522cb3ee1..c1b7aaf981d8c3529e0cd8973d90ca7d9ac5c5e1 100644
--- a/man/en/system-auth-ac.5
+++ b/man/en/system-auth-ac.5
@@ -1,8 +1,7 @@
.TH SYSTEM-AUTH-AC 5 "2010 March 31" "Red Hat, Inc."
.SH NAME
-system-auth-ac, password-auth-ac, smartcard-auth-ac,
-fingerprint-auth-ac, postlogin-ac \- Common configuration files for
+system-auth-ac, system-login-ac \- Common configuration files for
PAMified services written by authconfig(8)
.SH SYNOPSIS
@@ -29,23 +28,10 @@ and writes the configuration to this file. The symlink is not changed on
subsequent configuration changes even if it points elsewhere. This allows
system administrators to override the configuration written by authconfig.
-The authconfig now writes the authentication modules also into additional PAM
-configuration files \fB/etc/pam.d/password-auth-ac\fR,
-\fB/etc/pam.d/smartcard-auth-ac\fR, and \fB/etc/pam.d/fingerprint-auth-ac\fR.
-These configuration files contain only modules which perform
-authentication with the respective kinds of authentication tokens.
-For example \fB/etc/pam.d/smartcard-auth[-ac]\fR will not contain
-\fBpam_unix\fR and \fBpam_ldap\fR modules and \fB/etc/pam.d/password-auth[-ac]\fR
-will not contain \fBpam_pkcs11\fR and \fBpam_fprintd\fR modules.
-
-The file \fB/etc/pam.d/postlogin-ac\fR contains common services
+The file \fB/etc/pam.d/system-login-ac\fR contains common services
to be invoked after login. An example can be a module that encrypts an
user's filesystem or user's keyring and is decrypted by his password.
-The PAM configuration files of services which are accessed by remote
-connections such as sshd or ftpd now include the \fB/etc/pam.d/password-auth\fR
-configuration file instead of \fB/etc/pam.d/system-auth\fR.
-
.SH EXAMPLE
Configure system to use pam_tally2 for configuration of maximum number of
@@ -78,4 +64,4 @@ session include system-auth-ac
None known.
.SH "SEE ALSO"
-authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)
+authconfig(8), authconfig-gtk(8), pam(8)
diff --git a/man/en/postlogin-ac.5 b/man/en/system-login-ac.5
similarity index 100%
rename from man/en/postlogin-ac.5
rename to man/en/system-login-ac.5
--
2.9.3
|