|
|
|
@ -4895,6 +4895,18 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
|
|
|
|
|
stream << "# All changes will be lost!\n";
|
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
// Get PKCS#11 slot number from the LDAP configuration file
|
|
|
|
|
KSimpleConfig* systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
|
|
|
|
|
systemconfig->setGroup(NULL);
|
|
|
|
|
int pkcs11_login_card_slot = systemconfig->readNumEntry("PKCS11LoginCardSlot", 0);
|
|
|
|
|
delete systemconfig;
|
|
|
|
|
|
|
|
|
|
// Generate PKCS#11 provider string
|
|
|
|
|
TQString pkcsProviderString = TDECryptographicCardDevice::pkcsProviderLibrary();
|
|
|
|
|
if (pkcs11_login_card_slot != 0) {
|
|
|
|
|
pkcsProviderString.append(TQString(",slot=%1").arg(pkcs11_login_card_slot));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Appdefaults
|
|
|
|
|
stream << "[appdefaults]\n";
|
|
|
|
|
if (realmList.begin() != realmList.end()) {
|
|
|
|
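Review bot: The slot suffix appended at `pkcsProviderString.append(TQString(",slot=%1").arg(pkcs11_login_card_slot));` is added even when `TDECryptographicCardDevice::pkcsProviderLibrary()` returned an empty string, so a missing provider library combined with a non-zero `PKCS11LoginCardSlot` yields a provider string of just `,slot=N`, which is non-empty and therefore slips past the `pkcsProviderString != ""` guard in the next hunk and lands in krb5.conf as an unusable `pkinit_user` value. Guard on the library first: `if (!pkcsProviderString.isEmpty() && pkcs11_login_card_slot != 0) {`. A negative value read from `ldapconfigrc` also passes the `!= 0` test; if slot ids are non-negative, `> 0` is the safer condition. The `new KSimpleConfig` / `delete systemconfig` pair could be a stack object (`KSimpleConfig systemconfig(TQString::fromLatin1(KDE_CONFDIR "/ldap/ldapconfigrc"));`) so the handle is released on every path without a manual delete. writeClientKrb5ConfFile begins and ends outside this hunk.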
@ -4908,9 +4920,11 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
|
|
|
|
|
stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n";
|
|
|
|
|
}
|
|
|
|
|
stream << " pkinit_require_crl_checking = true\n";
|
|
|
|
|
stream << " pam = {\n";
|
|
|
|
|
stream << " pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
|
|
|
|
|
stream << " }\n";
|
|
|
|
|
if (pkcsProviderString != "") {
|
|
|
|
|
stream << " pam = {\n";
|
|
|
|
|
stream << " pkinit_user = PKCS11:" << pkcsProviderString << "\n";
|
|
|
|
|
stream << " }\n";
|
|
|
|
|
}
|
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
// Defaults
|
|
|
|
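Review bot: The new conditional `pam = {` block silently drops out of krb5.conf when `pkcsProviderString` is empty, so a host whose PKCS#11 provider library was not found gets no `pkinit_user` at all and smartcard PKINIT later fails with an unrelated error; consider writing a marker into the generated file, e.g. `stream << " # pkinit_user omitted: PKCS#11 provider library not found\n";`, or reporting it through the function's error path if it has one. The `PKCS11:<lib>,slot=N` form built in the earlier hunk looks like Heimdal's hx509 keyset syntax, whereas MIT krb5 documents `PKCS11:[module_name=]modname[:slotid=N]`, so the generated line should be confirmed against whichever Kerberos client library this configuration targets and a comment added naming it. `pkcsProviderString.isEmpty()` is the idiomatic TQString test in place of `!= ""`. writeClientKrb5ConfFile begins and ends outside this hunk.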
@ -5062,6 +5076,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
|
|
|
|
|
}
|
|
|
|
|
if (pamConfig.enable_pkcs11_login) {
|
|
|
|
|
stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
|
|
|
|
|
// stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
|
|
|
|
|
}
|
|
|
|
|
stream << "auth required pam_deny.so" << "\n";
|
|
|
|
|
|
|
|
|
|
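Review bot: The commented-out `pam_krb5.so force_first_pass no_prompt try_pkinit` line gives no reason for being disabled, and with `success=done` on `pam_pkcs11.so` a successful card check appears to end the auth stack without any Kerberos PKINIT, so the `pkinit_user` settings this commit writes to krb5.conf would not be exercised by a login through this stack. A one-line comment stating why it is held back would help, e.g. `// pam_krb5 PKINIT left disabled until <reason>; pam_pkcs11 alone validates the card locally`, so the next reader does not uncomment it blindly or assume PKINIT is already wired up. The `[default=ignore success=done new_authtok_reqd=done]` control correctly lets a failed or ignored `pam_pkcs11.so` fall through to `pam_deny.so`, assuming no earlier module in the stack returns `sufficient`. writePAMFiles begins and ends outside this hunk.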