summaryrefslogtreecommitdiffstats
path: root/perl-install/authentication.pm
diff options
context:
space:
mode:
Diffstat (limited to 'perl-install/authentication.pm')
-rw-r--r--perl-install/authentication.pm27
1 files changed, 17 insertions, 10 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 8321ff89a..01436cfe6 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -32,6 +32,16 @@ my %kind2pam_kind = (
SMBKRB => ['winbind'],
);
+my %kind2nsswitch = (
+ local => [],
+ SmartCard => [],
+ LDAP => ['ldap'],
+ NIS => ['nis'],
+ AD => ['ldap'],
+ winbind => ['winbind'],
+ SMBKRB => ['winbind'],
+);
+
sub kind2description() {
join('',
map {
@@ -197,6 +207,10 @@ sub set {
sshd_config_UsePAM(@$pam_modules > 0);
set_pam_authentication(@$pam_modules);
+ my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does not know $kind");
+ $nsswitch ||= [];
+ set_nsswitch_priority(@$nsswitch);
+
if ($kind eq 'local') {
} elsif ($kind eq 'SmartCard') {
$in->do_pkgs->install('castella-pam');
@@ -208,8 +222,6 @@ sub set {
first($s =~ /namingContexts: (.+)/);
} or log::l("no ldap domain found on server $authentication->{LDAP_server}"), return;
- set_nsswitch_priority('ldap');
-
update_ldap_conf(
host => $authentication->{LDAP_server},
base => $domain,
@@ -221,8 +233,6 @@ sub set {
$in->do_pkgs->install(qw(nss_ldap pam_krb5 libsasl2-plug-gssapi));
my $port = "389";
- set_nsswitch_priority('ldap');
-
my $ssl = {
anonymous => 'off',
simple => 'off',
@@ -289,7 +299,6 @@ sub set {
$_ .= "$t $authentication->{NIS_server}\n" if eof;
} "$::prefix/etc/yp.conf";
- set_nsswitch_priority('nis');
#- no need to modify system-auth for nis
$when_network_is_up->(sub {
@@ -305,7 +314,6 @@ sub set {
my $domain = uc $netc->{WINDOMAIN};
$in->do_pkgs->install('samba-winbind');
- set_nsswitch_priority('winbind');
require network::smb;
network::smb::write_smb_conf($domain);
@@ -326,8 +334,6 @@ sub set {
configure_krb5_for_AD($authentication);
$in->do_pkgs->install('samba-winbind', 'pam_krb5', 'samba-server', 'samba-client');
- set_nsswitch_priority('winbind');
-
require network::smb;
network::smb::write_smb_ads_conf($domain,$realm);
@@ -440,10 +446,11 @@ sub get_pam_authentication_kinds() {
sub set_nsswitch_priority {
my (@kinds) = @_;
- # allowed: files nis ldap dns
+ my @known = qw(nis ldap winbind);
substInFile {
if (my ($database, $l) = /^(\s*(?:passwd|shadow|group|automount):\s*)(.*)/) {
- $_ = $database . join(' ', uniq('files', @kinds, split(' ', $l))) . "\n";
+ my @l = difference2([ split(' ', $l) ], \@known);
+ $_ = $database . join(' ', uniq('files', @kinds, @l)) . "\n";
}
} "$::prefix/etc/nsswitch.conf";
}