lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-09-06 22:00:56 +00:00
Code Issues Activity

Fixes for LDAP access using machine credentials

Browse Source
This commit is contained in:
Lauri Võsandi
2017-01-20 10:56:46 +00:00
parent 4c69efbf87
commit 175f7f5d53
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certidude/templates/certidude-server.conf
View File

@@ -15,9 +15,12 @@ backends = pam
# address are looked up. In case of 'posix' basically 'getent passwd' is performed, # address are looked up. In case of 'posix' basically 'getent passwd' is performed,
# in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf # in case of 'ldap' a search is performed on LDAP server specified in /etc/ldap/ldap.conf
# with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME # with Kerberos credential cache initialized at path specified by environment variable KRB5CCNAME
# If certidude setup authority was performed correctly the credential cache should be
# updated automatically by /etc/cron.hourly/certidude
backend = posix backend = posix
;backend = ldap ;backend = ldap
ldap gssapi credential cache = /run/certidude/krb5cc
[authorization] [authorization]
# The authorization backend specifies how the users are authorized. # The authorization backend specifies how the users are authorized.

7
certidude/templates/ldap-ticket-renewal.sh
View File

@@ -1,5 +1,6 @@
#!/bin/bash #!/bin/bash
KRB5CCNAME={{ticket_path}}.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab mkdir -p /run/certidude
chown certidude:certidude {{ticket_path}}.part KRB5CCNAME=/run/certidude/krb5cc.part kinit -k {{name}}$ -S ldap/dc1.{{domain}}@{{realm}} -t /etc/krb5.keytab
mv {{ticket_path}}.part {{ticket_path}} chown certidude:certidude /run/certidude/krb5cc.part
mv /run/certidude/krb5cc.part /run/certidude/krb5cc