1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Fixes for LDAP access using machine credentials

This commit is contained in:
Lauri Võsandi 2017-01-20 10:56:46 +00:00
parent 4c69efbf87
commit 175f7f5d53
2 changed files with 7 additions and 3 deletions

View File

@ -15,9 +15,12 @@ backends = pam
# address are looked up. In case of 'posix' basically 'getent passwd' is performed, # address are looked up. In case of 'posix' basically 'getent passwd' is performed,
# in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf # in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf
# with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME # with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME
# If certidude setup authority was performed correctly the credential cache should be
# updated automatically by /etc/cron.hourly/certidude
backend = posix backend = posix
;backend = ldap ;backend = ldap
ldap gssapi credential cache = /run/certidude/krb5cc
[authorization] [authorization]
# The authorization backend specifies how the users are authorized. # The authorization backend specifies how the users are authorized.

View File

@ -1,5 +1,6 @@
#!/bin/bash #!/bin/bash
KRB5CCNAME={{ticket_path}}.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab mkdir -p /run/certidude
chown certidude:certidude {{ticket_path}}.part KRB5CCNAME=/run/certidude/krb5cc.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab
mv {{ticket_path}}.part {{ticket_path}} chown certidude:certidude /run/certidude/krb5cc.part
mv /run/certidude/krb5cc.part /run/certidude/krb5cc