Fixes for LDAP access using machine credentials
parent
4c69efbf87
commit
175f7f5d53
@ -15,9 +15,12 @@ backends = pam
|
|||||||
# address are looked up. In case of 'posix' basically 'getent passwd' is performed,
|
# address are looked up. In case of 'posix' basically 'getent passwd' is performed,
|
||||||
# in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf
|
# in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf
|
||||||
# with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME
|
# with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME
|
||||||
|
# If certidude setup authority was performed correctly the credential cache should be
|
||||||
|
# updated automatically by /etc/cron.hourly/certidude
|
||||||
|
|
||||||
backend = posix
|
backend = posix
|
||||||
;backend = ldap
|
;backend = ldap
|
||||||
|
ldap gssapi credential cache = /run/certidude/krb5cc
|
||||||
|
|
||||||
[authorization]
|
[authorization]
|
||||||
# The authorization backend specifies how the users are authorized.
|
# The authorization backend specifies how the users are authorized.
|
||||||
|
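Review bot: The comment above `backend` still says the LDAP search uses the Kerberos credential cache named by the environment variable KRB5CCNAME, while the added key `ldap gssapi credential cache = /run/certidude/krb5cc` now puts a path in the config, and nothing states which of the two is used. I would reword that comment line to `# with the Kerberos credential cache at the path set by 'ldap gssapi credential cache' below`. I would also add `# this path must match the file written by /etc/cron.hourly/certidude`, since the cron script in this commit hard-codes the same path. The cache holds a ticket for the machine account, so one more comment line saying the file is expected to be owned by and readable only by the certidude user would help whoever edits the path later. The `[authorization]` section continues outside this hunk.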
@ -1,5 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
KRB5CCNAME={{ticket_path}}.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab
|
mkdir -p /run/certidude
|
||||||
chown certidude:certidude {{ticket_path}}.part
|
KRB5CCNAME=/run/certidude/krb5cc.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab
|
||||||
mv {{ticket_path}}.part {{ticket_path}}
|
chown certidude:certidude /run/certidude/krb5cc.part
|
||||||
|
mv /run/certidude/krb5cc.part /run/certidude/krb5cc
|
||||||
|
|
||||||
|
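Review bot: The new script runs `chown` and `mv` even when `kinit` fails, because nothing checks the exit status. A failed renewal then shows up only as follow-on errors from the later commands; adding `set -e` right after the shebang makes the script stop at the failing step with a non-zero status. `mkdir -p /run/certidude` also leaves owner and mode untouched when the directory already exists. If that directory were ever writable by the certidude user (not visible here), a root-run `chown` on a path inside it would follow a symlink planted there. Using `install -d -m 0755 -o root -g root /run/certidude` and `chown -h certidude:certidude /run/certidude/krb5cc.part` pins both down.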