mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-13 01:31:56 -06:00
remove unknown patch file
This commit is contained in:
Simo Sorce
parent
588fa2f323
commit
950bddf2a3
@ -1,288 +0,0 @@
|
||||
diff -r 5ebd8adc48b8 ipa-install/README
|
||||
--- a/ipa-install/README Mon Jul 02 15:51:04 2007 -0400
|
||||
+++ b/ipa-install/README Fri Jul 13 16:25:05 2007 -0400
|
||||
@@ -5,12 +5,17 @@ fedora-ds-base
|
||||
fedora-ds-base
|
||||
openldap-clients
|
||||
krb5-server-ldap
|
||||
+cyrus-sasl-gssapi
|
||||
|
||||
|
||||
Installation example:
|
||||
+
|
||||
+TEMPORARY: (until fedora ds scripts are fixed)
|
||||
+please use the fedora-ds.init.patch under share/ to patch your init scripts before
|
||||
+running ipa-server-install
|
||||
|
||||
cd ipa-install
|
||||
make install
|
||||
cd ..
|
||||
-/usr/sbin/ipa-server-install -r FREEIPA.ORG -a rc1.freeipa.org -p freeipa -m ipafree
|
||||
+/usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -m ipafree
|
||||
|
||||
diff -r 5ebd8adc48b8 ipa-install/share/bind.zone.db.template
|
||||
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
|
||||
+++ b/ipa-install/share/bind.zone.db.template Fri Jul 13 16:22:12 2007 -0400
|
||||
@@ -0,0 +1,26 @@
|
||||
+$$ORIGIN $DOMAIN.
|
||||
+$$TTL 86400
|
||||
+@ IN SOA $DOMAIN. root.$DOMAIN. (
|
||||
+ 01 ; serial (d. adams)
|
||||
+ 3H ; refresh
|
||||
+ 15M ; retry
|
||||
+ 1W ; expiry
|
||||
+ 1D ) ; minimum
|
||||
+
|
||||
+ IN NS $HOST
|
||||
+$HOST IN A $IP
|
||||
+;
|
||||
+; ldap servers
|
||||
+_ldap._tcp IN SRV 0 100 389 $HOST
|
||||
+
|
||||
+;kerberos realm
|
||||
+_kerberos IN TXT $REALM
|
||||
+
|
||||
+; kerberos servers
|
||||
+_kerberos._tcp IN SRV 0 100 88 $HOST
|
||||
+_kerberos._udp IN SRV 0 100 88 $HOST
|
||||
+_kerberos-master._tcp IN SRV 0 100 88 $HOST
|
||||
+_kerberos-master._udp IN SRV 0 100 88 $HOST
|
||||
+_kpasswd._tcp IN SRV 0 100 88 $HOST
|
||||
+_kpasswd._udp IN SRV 0 100 88 $HOST
|
||||
+
|
||||
diff -r 5ebd8adc48b8 ipa-install/share/fedora-ds.init.patch
|
||||
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
|
||||
+++ b/ipa-install/share/fedora-ds.init.patch Fri Jul 13 14:45:53 2007 -0400
|
||||
@@ -0,0 +1,12 @@
|
||||
+--- /etc/init.d/fedora-ds.orig 2007-07-06 18:21:30.000000000 -0400
|
||||
++++ /etc/init.d/fedora-ds 2007-05-18 19:36:24.000000000 -0400
|
||||
+@@ -10,6 +10,9 @@
|
||||
+ # datadir: /var/lib/fedora-ds/slapd-<instance name>
|
||||
+ #
|
||||
+
|
||||
++# Get config.
|
||||
++[ -r /etc/sysconfig/fedora-ds ] && . /etc/sysconfig/fedora-ds
|
||||
++
|
||||
+ # Source function library.
|
||||
+ if [ -f /etc/rc.d/init.d/functions ] ; then
|
||||
+ . /etc/rc.d/init.d/functions
|
||||
diff -r 5ebd8adc48b8 ipa-install/share/krb5.conf.template
|
||||
--- a/ipa-install/share/krb5.conf.template Mon Jul 02 15:51:04 2007 -0400
|
||||
+++ b/ipa-install/share/krb5.conf.template Fri Jul 13 11:01:36 2007 -0400
|
||||
@@ -9,6 +9,13 @@
|
||||
dns_lookup_kdc = true
|
||||
ticket_lifetime = 24h
|
||||
forwardable = yes
|
||||
+
|
||||
+[realms]
|
||||
+ $REALM = {
|
||||
+ kdc = $FQDN:88
|
||||
+ admin_server = $FQDN:749
|
||||
+ default_domain = $DOMAIN
|
||||
+}
|
||||
|
||||
[domain_realm]
|
||||
.$DOMAIN = $REALM
|
||||
@@ -29,7 +36,7 @@
|
||||
ldap_servers = ldap://127.0.0.1/
|
||||
ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
|
||||
ldap_kdc_dn = uid=kdc,cn=kerberos,$SUFFIX
|
||||
-; ldap_kadmind_dn = cn=Directory Manager
|
||||
+ ldap_kadmind_dn = uid=kdc,cn=kerberos,$SUFFIX
|
||||
ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
|
||||
}
|
||||
|
||||
diff -r 5ebd8adc48b8 ipa-install/src/ipa-server-install
|
||||
--- a/ipa-install/src/ipa-server-install Mon Jul 02 15:51:04 2007 -0400
|
||||
+++ b/ipa-install/src/ipa-server-install Fri Jul 13 19:43:13 2007 -0400
|
||||
@@ -26,6 +26,7 @@
|
||||
|
||||
VERSION = "%prog .1"
|
||||
|
||||
+import socket
|
||||
import logging
|
||||
from optparse import OptionParser
|
||||
import ipa.dsinstance
|
||||
@@ -37,8 +38,6 @@ def parse_options():
|
||||
help="ds user")
|
||||
parser.add_option("-r", "--realm", dest="realm_name",
|
||||
help="realm name")
|
||||
- parser.add_option("-a", "--host-address", dest="host_name",
|
||||
- help="host address (name or IP address)")
|
||||
parser.add_option("-p", "--password", dest="password",
|
||||
help="admin password")
|
||||
parser.add_option("-m", "--master-password", dest="master_password",
|
||||
@@ -46,8 +45,8 @@ def parse_options():
|
||||
|
||||
options, args = parser.parse_args()
|
||||
|
||||
- if not options.realm_name or not options.host_name or not options.password:
|
||||
- parser.error("error: password, realm, and host name required")
|
||||
+ if not options.ds_user or not options.realm_name or not options.password or not options.master_password:
|
||||
+ parser.error("error: all options are required")
|
||||
|
||||
return options
|
||||
|
||||
@@ -56,13 +55,35 @@ def main():
|
||||
format='%(asctime)s %(levelname)s %(message)s',
|
||||
filename='ipa-install.log',
|
||||
filemode='w')
|
||||
+
|
||||
options = parse_options()
|
||||
+
|
||||
+ # check the hostname is correctly configured, it must be as the kldap
|
||||
+ # utilities just use the hostname as returned by gethostbyname to set
|
||||
+ # up some of the standard entries
|
||||
+
|
||||
+ host_name = socket.gethostname()
|
||||
+ if len(host_name.split(".")) < 2:
|
||||
+ print "Invalid hostname <"+host_name+">"
|
||||
+ print "Check the /etc/hosts file and make sure to have a valid FQDN"
|
||||
+ return "-Fatal Error-"
|
||||
+
|
||||
+ if socket.gethostbyname(host_name) == "127.0.0.1":
|
||||
+ print "The hostname resolves to the localhost address (127.0.0.1)"
|
||||
+ print "Please change your /etc/hosts file or your DNS so that the"
|
||||
+ print "hostname resolves to the ip address of your network interface."
|
||||
+ print "The KDC service does not listen on 127.0.0.1"
|
||||
+ return "-Fatal Error-"
|
||||
+
|
||||
+ print "The Final KDC Host Name will be: " + host_name
|
||||
+
|
||||
ds = ipa.dsinstance.DsInstance()
|
||||
- ds.create_instance(options.ds_user, options.realm_name, options.host_name, options.password)
|
||||
+ ds.create_instance(options.ds_user, options.realm_name, host_name, options.password)
|
||||
|
||||
krb = ipa.krbinstance.KrbInstance()
|
||||
- krb.create_instance(options.ds_user, options.realm_name, options.host_name, options.password, options.master_password)
|
||||
- #restart ds after the krb instance have add the sasl map
|
||||
+ krb.create_instance(options.ds_user, options.realm_name, host_name, options.password, options.master_password)
|
||||
+
|
||||
+ #restart ds after the krb instance have add the sasl map and the ldap keytab
|
||||
ds.restart()
|
||||
|
||||
return 0
|
||||
diff -r 5ebd8adc48b8 ipa-install/src/ipa/krbinstance.py
|
||||
--- a/ipa-install/src/ipa/krbinstance.py Mon Jul 02 15:51:04 2007 -0400
|
||||
+++ b/ipa-install/src/ipa/krbinstance.py Fri Jul 13 19:20:41 2007 -0400
|
||||
@@ -25,6 +25,9 @@ import logging
|
||||
import logging
|
||||
from random import Random
|
||||
from time import gmtime
|
||||
+import os
|
||||
+import pwd
|
||||
+import socket
|
||||
|
||||
SHARE_DIR = "/usr/share/ipa/"
|
||||
|
||||
@@ -32,6 +35,10 @@ def realm_to_suffix(realm_name):
|
||||
s = realm_name.split(".")
|
||||
terms = ["dc=" + x.lower() for x in s]
|
||||
return ",".join(terms)
|
||||
+
|
||||
+def host_to_domain(fqdn):
|
||||
+ s = fqdn.split(".")
|
||||
+ return ".".join(s[1:])
|
||||
|
||||
def generate_kdc_password():
|
||||
rndpwd = ''
|
||||
@@ -75,8 +82,10 @@ class KrbInstance:
|
||||
class KrbInstance:
|
||||
def __init__(self):
|
||||
self.ds_user = None
|
||||
- self.realm_name = None
|
||||
- self.host_name = None
|
||||
+ self.fqdn = None
|
||||
+ self.realm = None
|
||||
+ self.domain = None
|
||||
+ self.host = None
|
||||
self.admin_password = None
|
||||
self.master_password = None
|
||||
self.suffix = None
|
||||
@@ -85,12 +94,15 @@ class KrbInstance:
|
||||
|
||||
def create_instance(self, ds_user, realm_name, host_name, admin_password, master_password):
|
||||
self.ds_user = ds_user
|
||||
- self.realm_name = realm_name.upper()
|
||||
- self.host_name = host_name
|
||||
+ self.fqdn = host_name
|
||||
+ self.ip = socket.gethostbyname(host_name)
|
||||
+ self.realm = realm_name.upper()
|
||||
+ self.host = host_name.split(".")[0]
|
||||
+ self.domain = host_to_domain(host_name)
|
||||
self.admin_password = admin_password
|
||||
self.master_password = master_password
|
||||
|
||||
- self.suffix = realm_to_suffix(self.realm_name)
|
||||
+ self.suffix = realm_to_suffix(self.realm)
|
||||
self.kdc_password = generate_kdc_password()
|
||||
self.__configure_kdc_account_password()
|
||||
|
||||
@@ -99,6 +111,10 @@ class KrbInstance:
|
||||
self.__configure_ldap()
|
||||
|
||||
self.__create_instance()
|
||||
+
|
||||
+ self.__create_ds_keytab()
|
||||
+
|
||||
+ self.__create_sample_bind_zone()
|
||||
|
||||
self.start()
|
||||
|
||||
@@ -120,12 +136,13 @@ class KrbInstance:
|
||||
pwd_fd.close()
|
||||
|
||||
def __setup_sub_dict(self):
|
||||
- #FIXME: can DOMAIN be different than REALM ?
|
||||
- self.sub_dict = dict(FQHN=self.host_name,
|
||||
+ self.sub_dict = dict(FQDN=self.fqdn,
|
||||
+ IP=self.ip,
|
||||
PASSWORD=self.kdc_password,
|
||||
SUFFIX=self.suffix,
|
||||
- DOMAIN= self.realm_name.lower(),
|
||||
- REALM=self.realm_name)
|
||||
+ DOMAIN=self.domain,
|
||||
+ HOST=self.host,
|
||||
+ REALM=self.realm)
|
||||
|
||||
def __configure_ldap(self):
|
||||
|
||||
@@ -153,7 +170,7 @@ class KrbInstance:
|
||||
krb5_fd.close()
|
||||
|
||||
#populate the directory with the realm structure
|
||||
- args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"]
|
||||
+ args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
|
||||
run(args)
|
||||
|
||||
# TODO: NOT called yet, need to find out how to make sure the plugin is available first
|
||||
@@ -165,5 +182,28 @@ class KrbInstance:
|
||||
extop_fd.close()
|
||||
|
||||
#add an ACL to let the DS user read the master key
|
||||
- args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm_name]
|
||||
+ args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm]
|
||||
run(args)
|
||||
+
|
||||
+ def __create_sample_bind_zone(self):
|
||||
+ bind_txt = template_file(SHARE_DIR + "bind.zone.db.template", self.sub_dict)
|
||||
+ [bind_fd, bind_name] = tempfile.mkstemp(".db","sammple.zone.")
|
||||
+ os.write(bind_fd, bind_txt)
|
||||
+ os.close(bind_fd)
|
||||
+ print "Sample zone file for bind has been created in "+bind_name
|
||||
+
|
||||
+ def __create_ds_keytab(self):
|
||||
+ (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
|
||||
+ kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n")
|
||||
+ kwrite.flush()
|
||||
+ kwrite.write("ktadd -k /etc/fedora-ds/ds.keytab ldap/"+self.fqdn+"@"+self.realm+"\n")
|
||||
+ kwrite.flush()
|
||||
+ kwrite.close()
|
||||
+ kread.close()
|
||||
+ kerr.close()
|
||||
+
|
||||
+ cfg_fd = open("/etc/sysconfig/fedora-ds", "a")
|
||||
+ cfg_fd.write("export KRB5_KTNAME=/etc/fedora-ds/ds.keytab\n")
|
||||
+ cfg_fd.close()
|
||||
+ pent = pwd.getpwnam(self.ds_user)
|
||||
+ os.chown("/etc/sysconfig/fedora-ds", pent.pw_uid, pent.pw_gid)
|
||||
Loading…
Reference in New Issue
Block a user