Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add more log output to a couple of systemd startup scripts | Simon Rettberg | 2023-07-27 | 1 | -3/+17 |
| | |||||
* | [pam-slx-plug] Add logging to journal | Simon Rettberg | 2022-03-23 | 2 | -1/+14 |
| | |||||
* | [pam-slx-plug] Unmount doubly-mounted home directory | Simon Rettberg | 2021-10-29 | 1 | -0/+6 |
| | |||||
* | [pam-slx-plug] Escape backslash | Simon Rettberg | 2021-03-15 | 1 | -1/+1 |
| | |||||
* | [pam-slx-plug] Kill pwdaemon, umount PERSISTENT on session end | Simon Rettberg | 2020-08-11 | 2 | -0/+19 |
| | Use user@.service to implement this, so multiple concurrent sessions of the same user are handled properly. Closes #3619 | ||||
* | [pam-slx-plug] fix exec_auth_final always exiting | Jonathan Bauer | 2020-01-14 | 1 | -1/+1 |
| | Password was not passed to it, thus it would never reach the hooks... | ||||
* | [run-virt/pam-slx-plug] Always spawn pwdaemon, and one instance only | Simon Rettberg | 2020-01-10 | 1 | -9/+16 |
| | |||||
* | [pam-slx-plug] Improve logging, fix waiting for slxlog | Simon Rettberg | 2019-11-08 | 1 | -11/+14 |
| | |||||
* | [pam-slx-plug] Don't use -LLL so we have more output on error | Simon Rettberg | 2019-11-08 | 1 | -2/+2 |
| | |||||
* | [pam-slx-plug] Change order in common-account: Move pam_unix before us | Simon Rettberg | 2019-09-10 | 1 | -3/+3 |
| | Our script does make round trips to LDAP under certain conditions which is slow, so try pam_unix first. | ||||
* | [pam-slx-plug] flowchart: Minor fix | Simon Rettberg | 2019-07-01 | 1 | -1/+1 |
| | |||||
* | [pam-slx-plug] Add digraph lining out pam authentication control flow | Simon Rettberg | 2019-06-28 | 1 | -0/+205 |
| | dot -Tsvg < flowchart.dot > result.svg | ||||
* | [pam-slx-plug] Move old pam_script_* hook dirs to pam dir | Simon Rettberg | 2019-06-28 | 3 | -3/+5 |
| | They're all now in subdirectories of /opt/openslx/pam/hooks. Symlinks have been put in place where they used to reside. | ||||
* | [pam-slx-plug] Move slx-plug specific hook directory | Simon Rettberg | 2019-06-28 | 2 | -14/+19 |
| | From /opt/openslx/scripts/pam_script_auth.d/* to /opt/openslx/pam/hooks/auth-slx-source.d/* The old location is now a symlink to the new one. | ||||
* | [pam-slx-plug] Add auth-final-exec hook | Simon Rettberg | 2019-06-28 | 2 | -0/+40 |
| | On successful authentication, run everything in dir /opt/openslx/pam/hooks/auth-final-exec.d This applies no matter which authentication module succeeded, contrary to the old pam_script_auth.d directory. Note that the password is NOT exposed in this hook, and it is only run if the pam stack is executing in root context. | ||||
* | [*] Use logind.conf to kill user processes | Simon Rettberg | 2019-05-24 | 1 | -64/+0 |
| | Get rid of old, brittle script in pam session close that would do wonky stuff to kill stray user processes. | ||||
* | [pam-slx-plug] Stop execution early if not run as root | Simon Rettberg | 2019-04-08 | 1 | -0/+3 |
| | Running home directory mounts, group fiddling etc. doesn't make any sense if the script is not run in root context. | ||||
* | [run-virt/pam-slx-plug] Honor SHARE_NO_HOME_WARN | Simon Rettberg | 2019-04-08 | 1 | -1/+2 |
| | |||||
* | [pam-slx-plug] Add get_username script to lookup caps | Simon Rettberg | 2018-12-04 | 4 | -14/+75 |
| | Changing the capitalization of usernames in the PAM stack is a bad idea and messes everything up. Add a helper script that can look up a user name and return the proper capitalization. This script should be called in the lightdm greeter. exec_auth now refuses login if the username returned by LDAP has a different capitalization. Fixes #3503 | ||||
* | [pam-slx-plug] Use caps from LDAP; allow running auth as user | Simon Rettberg | 2018-12-04 | 3 | -8/+23 |
| | Allow running exec_auth if the checked user is the user the script is running as. When writing user to /etc/passwd, use the spelling as supplied from the LDAP server. | ||||
* | Merge branch 'master' of 10.4.9.58:/root/mltk-oldkernel | Simon Rettberg | 2018-06-27 | 2 | -4/+11 |
|\ | |||||
| * | [pam-slx-plug] Write user's LDAP attributes to .openslx/ldap | Simon Rettberg | 2018-06-27 | 2 | -4/+11 |
| | | Also query transitive group memberships of AD servers by setting the search base to the user's DN and then limiting the search scope to "base" | ||||
* | | [pam-slx-plug] Fix minor logging issues | Simon Rettberg | 2018-06-18 | 1 | -2/+3 |
| | | |||||
* | | [pam-slx-plug] Create directories to shut up ldapsearch | Simon Rettberg | 2018-06-18 | 1 | -1/+1 |
|/ | |||||
* | [pam-slx-plug] Always export PERSISTENT_NETPATH | Simon Rettberg | 2018-05-23 | 1 | -7/+8 |
| | |||||
* | [*] LDAP_DOMAIN_OVERRIDE -> SHARE_DOMAIN | Jonathan Bauer | 2018-04-11 | 2 | -3/+3 |
| | |||||
* | [pam-slx-plug] Set proper file mode on generated configs | Simon Rettberg | 2018-04-03 | 1 | -0/+4 |
| | |||||
* | [pam/rfs-stage32/pam-slx-plug] Only overwrite pam/nsswitch files that have <slx-autogen> | Simon Rettberg | 2018-03-14 | 1 | -52/+62 |
* | [pam-slx-plug] Change location of user's krb5 CC | Simon Rettberg | 2018-03-13 | 1 | -1/+1 |
| | |||||
* | [pam-slx-plug] Fix typo (krb5.conf) | Simon Rettberg | 2018-03-13 | 1 | -1/+1 |
| | |||||
* | [pam-slx-plug/run-virt] Create a usable shares file for run-virt | Simon Rettberg | 2018-03-10 | 1 | -1/+5 |
| | Global /opt/openslx/inc/shares is legacy fallback only | ||||
* | [pam/runvirt/..] Move .account and .home into .openslx subdirectory | Simon Rettberg | 2018-03-10 | 1 | -6/+7 |
| | Create separate tmpfs for .openslx to make sure the user cannot rename, edit or remove the files. It's a subdir of $HOME which has 0700, so no other user will be able to read it. | ||||
* | [pam-slx-plug] Implement session open/close handling | Simon Rettberg | 2018-03-09 | 1 | -2/+29 |
| | |||||
* | [pam-slx-plug] Move session killing and home unmount from "pam" to this module | Simon Rettberg | 2018-03-09 | 1 | -0/+64 |
| | |||||
* | [pam-slx-plug] Add generic /etc/ldap.conf | Simon Rettberg | 2018-03-09 | 3 | -0/+6 |
| | |||||
* | [pam-slx-plug] Fix typo in sssd.conf template | Simon Rettberg | 2018-03-09 | 1 | -1/+1 |
| | |||||
* | [pam-slx-plug] fix variable naming issues/mismatch | Simon Rettberg | 2018-03-09 | 3 | -4/+7 |
| | |||||
* | [pam-slx-plug] Add missing homeDirectory to ldapsearch, fix mount.d path | Simon Rettberg | 2018-03-09 | 2 | -3/+3 |
| | |||||
* | [pam-slx-plug] Set USER_DN on successful auth; move to basic.target | Simon Rettberg | 2018-03-09 | 4 | -2/+4 |
| | |||||
* | [pam-slx-plug] Handle sssd.conf generation | Simon Rettberg | 2018-03-09 | 1 | -7/+76 |
| | |||||
* | [pam-slx-plug] Starting to separate some of the pam/nsswitch logic out of sssd/pam | Simon Rettberg | 2018-03-08 | 12 | -0/+727 |
| | Preparation for our own ldap/ad login handling, sssd will only be used for nsswitch related stuff and fallback. | ||||