diff options
author | Timothy Pearson <[email protected]> | 2012-05-21 00:54:46 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-05-21 00:54:46 -0500 |
commit | bb72c681df66c174f16ed8a1a3502a9892034ef2 (patch) | |
tree | 333dc3fac07ec5ebd02a88bbe8962c376f201fa9 /src/ldap.cpp | |
parent | 44db1b5fafa7e3ff64411b48214961da8d553138 (diff) | |
download | kcmldap-bb72c681df66c174f16ed8a1a3502a9892034ef2.tar.gz kcmldap-bb72c681df66c174f16ed8a1a3502a9892034ef2.zip |
Add pam file writing and clean up a bit
Diffstat (limited to 'src/ldap.cpp')
-rw-r--r-- | src/ldap.cpp | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/src/ldap.cpp b/src/ldap.cpp index 5834407..31b2b0c 100644 --- a/src/ldap.cpp +++ b/src/ldap.cpp @@ -56,6 +56,9 @@ #define KRB5_FILE "/etc/krb5.conf" #define LDAP_FILE "/etc/ldap.conf" #define NSSWITCH_FILE "/etc/nsswitch.conf" +#define PAMD_DIRECTORY "/etc/pam.d/" +#define PAMD_COMMON_ACCOUNT "common-account" +#define PAMD_COMMON_AUTH "common-auth" #define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data" typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory; @@ -340,6 +343,8 @@ void LDAPConfig::save() { writeLDAPConfFile(); // Write the NSSwitch configuration file writeNSSwitchFile(); + // Write the PAM configuration files + writePAMFiles(); } load(); @@ -683,8 +688,6 @@ void LDAPConfig::writeNSSwitchFile() { if (file.open(IO_WriteOnly)) { TQTextStream stream( &file ); - LDAPRealmConfig realmcfg = m_realms[m_defaultRealm]; - stream << "# This file was automatically generated by TDE\n"; stream << "# All changes will be lost!\n"; stream << "\n"; @@ -706,6 +709,39 @@ void LDAPConfig::writeNSSwitchFile() { } } +void LDAPConfig::writePAMFiles() { + TQFile file(PAMD_DIRECTORY PAMD_COMMON_ACCOUNT); + if (file.open(IO_WriteOnly)) { + TQTextStream stream( &file ); + + stream << "# This file was automatically generated by TDE\n"; + stream << "# All changes will be lost!\n"; + stream << "\n"; + stream << "account sufficient pam_unix.so nullok_secure" << "\n"; + stream << "account sufficient pam_ldap.so" << "\n"; + stream << "account required pam_permit.so" << "\n"; + + file.close(); + } + + TQFile file2(PAMD_DIRECTORY PAMD_COMMON_AUTH); + if (file2.open(IO_WriteOnly)) { + TQTextStream stream( &file2 ); + + stream << "# This file was automatically generated by TDE\n"; + stream << "# All changes will be lost!\n"; + stream << "\n"; + stream << "auth [default=ignore success=ignore] pam_mount.so" << "\n"; + stream << "auth sufficient pam_unix.so nullok try_first_pass" << "\n"; + stream << "auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n"; + stream << "auth [default=die success=done] pam_ccreds.so action=validate use_first_pass" << "\n"; + stream << "auth sufficient pam_ccreds.so action=store use_first_pass" << "\n"; + stream << "auth required pam_deny.so" << "\n"; + + file2.close(); + } +} + int LDAPConfig::buttons() { return KCModule::Apply|KCModule::Help; } |