path: root/core/modules/pam-slx-plug
Commit message (Author, Age, Files, Lines)
* Add more log output to a couple of systemd startup scripts (Simon Rettberg, 2023-07-27, 1 file, -3/+17)
|
* [pam-slx-plug] Add logging to journal (Simon Rettberg, 2022-03-23, 2 files, -1/+14)
|
* [pam-slx-plug] Unmount doubly-mounted home directory (Simon Rettberg, 2021-10-29, 1 file, -0/+6)
|
* [pam-slx-plug] Escape backslash (Simon Rettberg, 2021-03-15, 1 file, -1/+1)
|
* [pam-slx-plug] Kill pwdaemon, umount PERSISTENT on session end (Simon Rettberg, 2020-08-11, 2 files, -0/+19)
|   Use user@.service to implement this, so multiple concurrent sessions of the same user are handled properly.
|   Closes #3619
* [pam-slx-plug] fix exec_auth_final always exiting (Jonathan Bauer, 2020-01-14, 1 file, -1/+1)
|   Password was not passed to it, thus it would never reach the hooks...
* [run-virt/pam-slx-plug] Always spawn pwdaemon, and one instance only (Simon Rettberg, 2020-01-10, 1 file, -9/+16)
|
* [pam-slx-plug] Improve logging, fix waiting for slxlog (Simon Rettberg, 2019-11-08, 1 file, -11/+14)
|
* [pam-slx-plug] Don't use -LLL so we have more output on error (Simon Rettberg, 2019-11-08, 1 file, -2/+2)
|
* [pam-slx-plug] Change order in common-account: Move pam_unix before us (Simon Rettberg, 2019-09-10, 1 file, -3/+3)
|   Our script does make round trips to LDAP under certain conditions which is slow, so try pam_unix first.
* [pam-slx-plug] flowchart: Minor fix (Simon Rettberg, 2019-07-01, 1 file, -1/+1)
|
* [pam-slx-plug] Add digraph lining out pam authentication control flow (Simon Rettberg, 2019-06-28, 1 file, -0/+205)
|   dot -Tsvg < flowchart.dot > result.svg
* [pam-slx-plug] Move old pam_script_* hook dirs to pam dir (Simon Rettberg, 2019-06-28, 3 files, -3/+5)
|   They're all now in subdirectories of /opt/openslx/pam/hooks.
|   Symlinks have been put in place where they used to reside.
* [pam-slx-plug] Move slx-plug specific hook directory (Simon Rettberg, 2019-06-28, 2 files, -14/+19)
|   From /opt/openslx/scripts/pam_script_auth.d/*
|   to /opt/openslx/pam/hooks/auth-slx-source.d/*
|   The old location is now a symlink to the new one.
* [pam-slx-plug] Add auth-final-exec hook (Simon Rettberg, 2019-06-28, 2 files, -0/+40)
|   On successful authentication, run everything in dir
|   /opt/openslx/pam/hooks/auth-final-exec.d
|   This applies no matter which authentication module succeeded, contrary to the old pam_script_auth.d directory.
|   Note that the password is NOT exposed in this hook, and it is only run if the pam stack is executing in root context.
* [*] Use logind.conf to kill user processes (Simon Rettberg, 2019-05-24, 1 file, -64/+0)
|   Get rid of old, brittle script in pam session close that would do wonky stuff to kill stray user processes.
* [pam-slx-plug] Stop execution early if not run as root (Simon Rettberg, 2019-04-08, 1 file, -0/+3)
|   Running home directory mounts, group fiddling etc. doesn't make any sense if the script is not run in root context.
* [run-virt/pam-slx-plug] Honor SHARE_NO_HOME_WARN (Simon Rettberg, 2019-04-08, 1 file, -1/+2)
|
* [pam-slx-plug] Add get_username script to lookup caps (Simon Rettberg, 2018-12-04, 4 files, -14/+75)
|   Changing the capitalization of usernames in the PAM stack is a bad idea and messes everything up.
|   Add a helper script that can look up a user name and return the proper capitalization.
|   This script should be called in the lightdm greeter.
|   exec_auth now refuses login if the username returned by LDAP has a different capitalization.
|   Fixes #3503
* [pam-slx-plug] Use caps from LDAP; allow running auth as user (Simon Rettberg, 2018-12-04, 3 files, -8/+23)
|   Allow running exec_auth if the checked user is the user the script is running as.
|   When writing user to /etc/passwd, use the spelling as supplied from the LDAP server.
* Merge branch 'master' of 10.4.9.58:/root/mltk-oldkernel (Simon Rettberg, 2018-06-27, 2 files, -4/+11)
|\
| * [pam-slx-plug] Write user's LDAP attributes to .openslx/ldap (Simon Rettberg, 2018-06-27, 2 files, -4/+11)
| |   Also query transitive group memberships of AD servers by setting the search base to the user's DN and then limiting the search scope to "base"
* | [pam-slx-plug] Fix minor logging issues (Simon Rettberg, 2018-06-18, 1 file, -2/+3)
| |
* | [pam-slx-plug] Create directories to shut up ldapsearch (Simon Rettberg, 2018-06-18, 1 file, -1/+1)
|/
* [pam-slx-plug] Always export PERSISTENT_NETPATH (Simon Rettberg, 2018-05-23, 1 file, -7/+8)
|
* [*] LDAP_DOMAIN_OVERRIDE -> SHARE_DOMAIN (Jonathan Bauer, 2018-04-11, 2 files, -3/+3)
|
* [pam-slx-plug] Set proper file mode on generated configs (Simon Rettberg, 2018-04-03, 1 file, -0/+4)
|
* [pam/rfs-stage32/pam-slx-plug] Only overwrite pam/nsswitch files that have <slx-autogen> (Simon Rettberg, 2018-03-14, 1 file, -52/+62)
|
* [pam-slx-plug] Change location of user's krb5 CC (Simon Rettberg, 2018-03-13, 1 file, -1/+1)
|
* [pam-slx-plug] Fix typo (krb5.conf) (Simon Rettberg, 2018-03-13, 1 file, -1/+1)
|
* [pam-slx-plug/run-virt] Create a usable shares file for run-virt (Simon Rettberg, 2018-03-10, 1 file, -1/+5)
|   Global /opt/openslx/inc/shares is legacy fallback only
* [pam/runvirt/..] Move .account and .home into .openslx subdirectory (Simon Rettberg, 2018-03-10, 1 file, -6/+7)
|   Create separate tmpfs for .openslx to make sure the user cannot rename, edit or remove the files.
|   It's a subdir of $HOME which has 0700, so no other user will be able to read it.
* [pam-slx-plug] Implement session open/close handling (Simon Rettberg, 2018-03-09, 1 file, -2/+29)
|
* [pam-slx-plug] Move session killing and home unmount from "pam" to this module (Simon Rettberg, 2018-03-09, 1 file, -0/+64)
|
* [pam-slx-plug] Add generic /etc/ldap.conf (Simon Rettberg, 2018-03-09, 3 files, -0/+6)
|
* [pam-slx-plug] Fix typo in sssd.conf template (Simon Rettberg, 2018-03-09, 1 file, -1/+1)
|
* [pam-slx-plug] fix variable naming issues/mismatch (Simon Rettberg, 2018-03-09, 3 files, -4/+7)
|
* [pam-slx-plug] Add missing homeDirectory to ldapsearch, fix mount.d path (Simon Rettberg, 2018-03-09, 2 files, -3/+3)
|
* [pam-slx-plug] Set USER_DN on successful auth; move to basic.target (Simon Rettberg, 2018-03-09, 4 files, -2/+4)
|
* [pam-slx-plug] Handle sssd.conf generation (Simon Rettberg, 2018-03-09, 1 file, -7/+76)
|
* [pam-slx-plug] Starting to separate some of the pam/nsswitch logic out of sssd/pam (Simon Rettberg, 2018-03-08, 12 files, -0/+727)
    Preparation for our own ldap/ad login handling, sssd will only be used for nsswitch related stuff and fallback.