authorPascal Rigaux <pixel@mandriva.com>2004-11-05 19:44:30 +0000
committerPascal Rigaux <pixel@mandriva.com>2004-11-05 19:44:30 +0000
commit668e8c157a650523fec0b7d9ff852a4fbe777ccc (patch)
tree38a71bf0678a537da4238ad09ffa6fa3ac6fb1f8
parent8e3314618db296cbc9785a65349a5deb4f683533 (diff)
add "Smart Card" authentication (using pam_castella) (as asked by flepied)
-rw-r--r--perl-install/authentication.pm21
1 files changed, 14 insertions, 7 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index a50032fe3..cec86e54a 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -4,7 +4,7 @@ use common;
use any;
sub kinds() {
- ('local', 'LDAP', 'NIS', 'winbind', 'AD', 'SMBKRB');
+ ('local', 'LDAP', 'NIS', 'SmartCard', 'winbind', 'AD', 'SMBKRB');
}
sub kind2name {
@@ -12,7 +12,8 @@ sub kind2name {
# Keep the following strings in sync with kind2description ones!!!
${{ local => N("Local file"),
LDAP => N("LDAP"),
- NIS => N("NIS"),
+ NIS => N("NIS"),
+ SmartCard => N("Smart Card"),
winbind => N("Windows Domain"),
AD => N("Active Directory with SFU"),
SMBKRB => N("Active Directory with Winbind") }}{$kind};
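Review bot: The comment at the top of this hash asks that its strings be kept in sync with the kind2description ones, but no hunk in this commit touches kind2description, so the new `SmartCard => N("Smart Card"),` entry may have no counterpart there. If kind2description is a similar per-kind lookup, the Smart Card choice would presumably get an undefined description. Please add the matching entry in the same commit, or note next to this one why none is needed.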
@@ -141,7 +142,9 @@ sub set {
log::l("authentication::set $kind");
- if ($kind eq 'LDAP') {
+ if ($kind eq 'SmartCard') {
+ set_pam_authentication('castella');
+ } elsif ($kind eq 'LDAP') {
$in->do_pkgs->install(qw(openldap-clients nss_ldap pam_ldap autofs));
my $domain = $netc->{LDAPDOMAIN} || do {
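Review bot: The new SmartCard branch rewrites the PAM configuration through `set_pam_authentication('castella');` without installing anything first, whereas the LDAP branch directly below installs its client packages before configuring. If the package that ships pam_castella is not already on the system, the PAM stack will reference a module that cannot be loaded, and depending on the control flag used for it (not visible here) that either quietly leaves password login as the only path or blocks logins. Consider installing the providing package first, e.g. `$in->do_pkgs->install('<package providing pam_castella>');` (placeholder, the package name does not appear on this page), and changing PAM only once that succeeded. The body of `set` continues outside this hunk.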
@@ -282,7 +285,7 @@ sub set {
sub pam_modules() {
- 'pam_ldap', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir';
+ 'pam_ldap', 'pam_castella', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir';
}
sub pam_module_from_path {
$_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2;
@@ -311,11 +314,15 @@ sub set_pam_authentication {
my %special = (
auth => \@authentication_kinds,
- account => \@authentication_kinds,
+ account => [ difference2(\@authentication_kinds, [ 'castella' ]) ],
password => [ intersection(\@authentication_kinds, [ 'ldap', 'krb5' ]) ],
);
my %before_first = (
- session => intersection(\@authentication_kinds, [ 'winbind', 'krb5' ]) ? pam_format_line('session', 'optional', 'pam_mkhomedir', 'skel=/etc/skel/', 'umask=0022') : '',
+ session =>
+ intersection(\@authentication_kinds, [ 'winbind', 'krb5' ])
+ ? pam_format_line('session', 'optional', 'pam_mkhomedir', 'skel=/etc/skel/', 'umask=0022') :
+ member('castella', @authentication_kinds)
+ ? pam_format_line('session', 'optional', 'pam_castella') : '',
);
my %after_deny = (
session => member('krb5', @authentication_kinds) ? pam_format_line('session', 'optional', 'pam_krb5') : '',
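Review bot: The nested ternary for `session` in `%before_first` makes the pam_mkhomedir and pam_castella lines mutually exclusive: if @authentication_kinds ever holds 'castella' together with 'winbind' or 'krb5', only the pam_mkhomedir line is emitted and the pam_castella session line is dropped without notice. The only caller in this commit passes 'castella' alone, so this is latent, but the constraint should be written down, e.g. `# castella is never combined with winbind/krb5; otherwise its session line is skipped`. The `account` change also needs a why-comment, something like `# pam_castella is left out of account checks, which stay with pam_unix` (inferred from this hunk, please confirm the reason). set_pam_authentication starts and ends outside this hunk.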
@@ -334,7 +341,7 @@ sub set_pam_authentication {
$type eq 'account' ? qw(use_first_pass) : @{[]};
@para = difference2(\@para, \@para_for_last);
- my ($before, $after) = partition { $_ eq 'krb5' } @{$special{$type}};
+ my ($before, $after) = partition { member($_, 'krb5', 'castella') } @{$special{$type}};
my @l = ((map { [ "pam_$_" ] } @$before),
[ 'pam_unix', @para ],
(map { [ "pam_$_" ] } @$after),