Add deactivated krb5 PKCS login line

pull/1/head
Timothy Pearson 9 years ago
parent 7ebf958b10
commit 56c2b5fc9b

@ -4895,6 +4895,18 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
stream << "# All changes will be lost!\n";
stream << "\n";
// Get PKCS#11 slot number from the LDAP configuration file
KSimpleConfig* systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
systemconfig->setGroup(NULL);
int pkcs11_login_card_slot = systemconfig->readNumEntry("PKCS11LoginCardSlot", 0);
delete systemconfig;
// Generate PKCS#11 provider string
TQString pkcsProviderString = TDECryptographicCardDevice::pkcsProviderLibrary();
if (pkcs11_login_card_slot != 0) {
pkcsProviderString.append(TQString(",slot=%1").arg(pkcs11_login_card_slot));
}
// Appdefaults
stream << "[appdefaults]\n";
if (realmList.begin() != realmList.end()) {
@ -4908,9 +4920,11 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n";
}
stream << " pkinit_require_crl_checking = true\n";
stream << " pam = {\n";
stream << " pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
stream << " }\n";
if (pkcsProviderString != "") {
stream << " pam = {\n";
stream << " pkinit_user = PKCS11:" << pkcsProviderString << "\n";
stream << " }\n";
}
stream << "\n";
// Defaults
@ -5062,6 +5076,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
}
if (pamConfig.enable_pkcs11_login) {
stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
// stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
}
stream << "auth required pam_deny.so" << "\n";
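Review bot: The `pkcsProviderString != ""` guard added around the `pam = {` block in writeClientKrb5ConfFile runs after `,slot=%1` has already been appended. If pkcsProviderLibrary() returns an empty string and PKCS11LoginCardSlot is non-zero, the string is `,slot=N`, so a `pkinit_user = PKCS11:,slot=N` line with no library is still written to krb5.conf. Test the library before appending, e.g. `if (!pkcsProviderString.isEmpty() && pkcs11_login_card_slot != 0) {`, so the later guard only passes when a provider is present. Separately, the commented-out pam_krb5.so line added in writePAMFiles has no explanation; a comment such as `// Disabled: <reason>; re-enable once <condition>` would tell the next maintainer whether it is safe to turn on in the auth stack. Both functions start and end outside the visible hunks.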
