diff options
author | Jonathan Bauer | 2013-09-20 17:06:59 +0200 |
---|---|---|
committer | Jonathan Bauer | 2013-09-20 17:06:59 +0200 |
commit | 5f45473ac132f529d1c986103b2f034ddbab45fe (patch) | |
tree | 5964e613bccaac32ef7d7eb015840ce3eff4610c /server/modules | |
parent | Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts (diff) | |
download | tm-scripts-5f45473ac132f529d1c986103b2f034ddbab45fe.tar.gz tm-scripts-5f45473ac132f529d1c986103b2f034ddbab45fe.tar.xz tm-scripts-5f45473ac132f529d1c986103b2f034ddbab45fe.zip |
workaround for permissions fix not working. ..
Diffstat (limited to 'server/modules')
30 files changed, 0 insertions, 501 deletions
diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf deleted file mode 100644 index ac41f5fd..00000000 --- a/server/modules/pam-freiburg/etc/gssapi_mech.conf +++ /dev/null @@ -1,21 +0,0 @@ -# Example /etc/gssapi_mech.conf file -# -# GSSAPI Mechanism Definitions -# -# This configuration file determines which GSS-API mechanisms -# the gssd code should use -# -# NOTE: -# The initiaiization function "mechglue_internal_krb5_init" -# is used for the MIT krb5 gssapi mechanism. This special -# function name indicates that an internal function should -# be used to determine the entry points for the MIT gssapi -# mechanism funtions. -# -# library initialization function -# ================================ ========================== -# The MIT K5 gssapi library, use special function for initialization. -libgssapi_krb5.so.2 mechglue_internal_krb5_init -# -# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize. -# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf deleted file mode 100644 index 2253cf0d..00000000 --- a/server/modules/pam-freiburg/etc/idmapd.conf +++ /dev/null @@ -1,12 +0,0 @@ -[General] - -Verbosity = 0 -Pipefs-Directory = /run/rpc_pipefs -# set your own domain here, if id differs from FQDN minus hostname -Domain = uni-freiburg.de -# localdomain - -[Mapping] - -Nobody-User = nobody -Nobody-Group = nogroup diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf deleted file mode 100644 index 6fd49243..00000000 --- a/server/modules/pam-freiburg/etc/krb5.conf +++ /dev/null @@ -1,28 +0,0 @@ -# file copied from configuration package (rootfs/etc/krb5.conf) -######################################################################### -[libdefaults] - noaddresses = false - clockskew = 300 - default_realm = PUBLIC.ADS.UNI-FREIBURG.DE - forwardable = true - minimum_uid = 1000 - proxiable = false - renew_lifetime = 30d - retain_after_close = false - ticket_lifetime = 3d - use_shmem = sshd - allow_weak_crypto=true -######################################################################### -[realms] - PUBLIC.ADS.UNI-FREIBURG.DE = { - kdc = kerberos.uni-freiburg.de - default_domain = uni-freiburg.de - admin_server = kerberos.uni-freiburg.de - } -######################################################################### -[domain_realm] - uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE - .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE -########################################################################## -[appdefaults] -######################################################################### diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf deleted file mode 100644 index 483595d2..00000000 --- a/server/modules/pam-freiburg/etc/ldap.conf +++ /dev/null @@ -1,11 +0,0 @@ -URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de -BASE ou=people,dc=uni-freiburg,dc=de -BIND_TIMELIMIT 5 -TIMELIMIT 10 -LOGDIR /tmp/ldap -TLS_REQCERT allow -nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled) -nss_base_group ou=group,dc=uni-freiburg,dc=de?one -nss_map_attribute homeDirectory rufClientHome - -nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf deleted file mode 100644 index 809065cc..00000000 --- a/server/modules/pam-freiburg/etc/ldap/ldap.conf +++ /dev/null @@ -1,7 +0,0 @@ -URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de -BASE ou=people,dc=uni-freiburg,dc=de -TLS_REQCERT allow -nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled) -nss_base_group ou=group,dc=uni-freiburg,dc=de?one -nss_map_attribute homeDirectory rufClientHome - diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf deleted file mode 120000 index c0aaf459..00000000 --- a/server/modules/pam-freiburg/etc/openldap/ldap.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/ldap.conf
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close deleted file mode 120000 index f3682056..00000000 --- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close +++ /dev/null @@ -1 +0,0 @@ -/opt/openslx/scripts/pam_script_ses_close
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open deleted file mode 120000 index 4f5598e5..00000000 --- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open +++ /dev/null @@ -1 +0,0 @@ -/opt/openslx/scripts/pam_script_ses_open
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account deleted file mode 100644 index 3a5d5a14..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-account +++ /dev/null @@ -1,26 +0,0 @@ -# -# /etc/pam.d/common-account - authorization settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authorization modules that define -# the central access policy for use on the system. The default is to -# only deny service to users whose accounts are expired in /etc/shadow. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. -# - -# here are the per-package modules (the "Primary" block) -account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so -account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so use_first_pass -# here's the fallback if no module succeeds -account requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -account required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth deleted file mode 100644 index 790afa1d..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-auth +++ /dev/null @@ -1,27 +0,0 @@ -# -# /etc/pam.d/common-auth - authentication settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 -auth [success=2 default=ignore] pam_unix.so try_first_pass -auth [success=1 default=ignore] pam_ldap.so use_first_pass -# here's the fallback if no module succeeds -auth requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -auth required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password deleted file mode 100644 index cb8c7b71..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-password +++ /dev/null @@ -1,33 +0,0 @@ -# -# /etc/pam.d/common-password - password-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix. - -# Explanation of pam_unix options: -# -# The "sha512" option enables salted SHA512 passwords. Without this option, -# the default is Unix crypt. Prior releases used the option "md5". -# -# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in -# login.defs. -# -# See the pam_unix manpage for other options. - -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -password [success=1 default=ignore] pam_unix.so obscure sha512 -# here's the fallback if no module succeeds -password requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -password required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session deleted file mode 100644 index 9a8b73e1..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ /dev/null @@ -1,38 +0,0 @@ -# -# /etc/pam.d/common-session - session-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of sessions of *any* kind (both interactive and -# non-interactive). -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_systemd.so -session optional pam_ck_connector.so -session optional pam_env.so readenv=1 -session optional pam_env.so readenv=1 envfile=/etc/default/locale -session optional pam_krb5.so minimum_uid=1000 -session [success=1] pam_unix.so -session [success=ok] pam_ldap.so -session sufficient pam_script.so -session optional pam_mkhomedir.so skel=/etc/skel umask=0022 -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive deleted file mode 100644 index 1fee2c4f..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive +++ /dev/null @@ -1,30 +0,0 @@ -# -# /etc/pam.d/common-session-noninteractive - session-related modules -# common to all non-interactive services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define tasks to be performed -# at the start and end of all non-interactive sessions. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. - -# here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so -# here's the fallback if no module succeeds -session requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -session required pam_permit.so -# The pam_umask module will set the umask according to the system default in -# /etc/login.defs and user settings, solving the problem of different -# umask settings with different shells, display managers, remote sessions etc. -# See "man pam_umask". -session optional pam_umask.so -# and here are more per-package modules (the "Additional" block) -session required pam_unix.so -# end of pam-auth-update config diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm deleted file mode 100644 index e6a4ec9b..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/kdm +++ /dev/null @@ -1,10 +0,0 @@ -# -# /etc/pam.d/kdm - specify the PAM behaviour of kdm -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -auth include common-auth -account include common-account -password include common-password -session include common-session diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np deleted file mode 100644 index dc10e5b5..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/kdm-np +++ /dev/null @@ -1,11 +0,0 @@ -# -# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins -# -auth required pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -session required pam_limits.so -account include common-account -password include common-password -session include common-session -auth required pam_permit.so diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login deleted file mode 100644 index 1065f351..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/login +++ /dev/null @@ -1,101 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -# OpenSLX: Not Needed? -#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# TODO do we need this? -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -#auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# TODO do we need this? -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -#session required pam_limits.so - -# TODO check if this is needed -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Standard Un*x account and session -account include common-account -session include common-session -password include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other deleted file mode 100644 index 840eb77f..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/other +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd deleted file mode 100644 index 32eaa3c6..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/passwd +++ /dev/null @@ -1,6 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password - diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd deleted file mode 100644 index 8954d639..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/sshd +++ /dev/null @@ -1,41 +0,0 @@ -# PAM configuration for the Secure Shell service - -# Read environment variables from /etc/environment and -# /etc/security/pam_env.conf. -auth required pam_env.so # [1] -# In Debian 4.0 (etch), locale-related environment variables were moved to -# /etc/default/locale, so read that as well. -auth required pam_env.so envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# Disallow non-root logins when /etc/nologin exists. -account required pam_nologin.so - -# Uncomment and edit /etc/security/access.conf if you need to set complex -# access limits that are hard to express in sshd_config. -# account required pam_access.so - -# Standard Un*x authorization. -account include common-account - -# Standard Un*x session setup and teardown. -session include common-session - -# Print the message of the day upon successful login. -session optional pam_motd.so # [1] - -# TODO do we need this? -# Print the status of the user's mailbox upon successful login. -#session optional pam_mail.so standard noenv # [1] - -# TODO do we need this? -# Set up user limits from /etc/security/limits.conf. -#session required pam_limits.so - -# Set up SELinux capabilities (need modified pam) -# session required pam_selinux.so multiple - -# Standard Un*x password updating. -password include common-password diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd deleted file mode 100644 index 1f9b60f9..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/vmware-authd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session include common-session - diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm deleted file mode 100644 index d21651db..00000000 --- a/server/modules/pam-freiburg/etc/pam.d/xdm +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service deleted file mode 100644 index 664f7dd7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Activate NSS-LDAP lookups -Before=graphical.target - -[Service] -Type=oneshot -ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap -ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf -ExecStart=/usr/bin/systemctl restart nscd - diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service deleted file mode 120000 index 1102840c..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service +++ /dev/null @@ -1 +0,0 @@ -../activate-nss-ldap.service
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service deleted file mode 120000 index 194aba77..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-gssd.service
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service deleted file mode 120000 index 66a28252..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service +++ /dev/null @@ -1 +0,0 @@ -../rpc-idmapd.service
\ No newline at end of file diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service deleted file mode 100644 index 79ffce8d..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFS rpcsec_gss daemon -Requires=run-rpc_pipefs.mount -After=run-rpc_pipefs.mount - -[Service] -ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service deleted file mode 100644 index c4da93e7..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=NFSv4 ID-name mapping daemon -Requires=network.target run-rpc_pipefs.mount -After=network.target - -[Service] -ExecStart=/usr/sbin/rpc.idmapd -f diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount deleted file mode 100644 index 692adce8..00000000 --- a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Pipefs RPC filesystem - -[Mount] -What=rpc_pipefs -Where=/run/rpc_pipefs -Type=rpc_pipefs diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close deleted file mode 100755 index 44dcd418..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER" - - diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open deleted file mode 100755 index 205090b6..00000000 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" - -[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER" - -if [ ! -z "$(mount|grep $PAM_USER)" ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted." - exit 0 -fi - -if [ $(id -g $PAM_USER) -ge 1000 ]; then - [ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER" - - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab - chmod 600 /etc/krb5.keytab - - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER" - - FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2) - - # now we can mount the home directory! - mkdir -p /home/$PAM_USER - if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then - exit 0 - else - echo "Failed to mount home directory for $PAM_USER" - exit 1 - fi - -fi - |