Codebase list realmd / 23cdb2b
Imported Upstream version 0.16.1 Michael Biebl 8 years ago
33 changed file(s) with 336 addition(s) and 75 deletion(s). Raw diff Collapse all Expand all
+5
-0
NEWS less more
0 0.16.1
1 * libsystemd build fix [#90519]
2 * Change default home directory to /home/%U@%D
3 * Add --automatic-id-mapping=no command line argument
4
05 0.16.0
16 * Disable automatic AD joins by default [#89205]
27 * Validate text we receive from LDAP
+170
-10
configure less more
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.69 for realmd 0.16.0.
2 # Generated by GNU Autoconf 2.69 for realmd 0.16.1.
33 #
44 # Report bugs to <http://bugs.freedesktop.org/enter_bug.cgi?product=realmd>.
55 #
580580 # Identity of this package.
581581 PACKAGE_NAME='realmd'
582582 PACKAGE_TARNAME='realmd'
583 PACKAGE_VERSION='0.16.0'
584 PACKAGE_STRING='realmd 0.16.0'
583 PACKAGE_VERSION='0.16.1'
584 PACKAGE_STRING='realmd 0.16.1'
585585 PACKAGE_BUGREPORT='http://bugs.freedesktop.org/enter_bug.cgi?product=realmd'
586586 PACKAGE_URL=''
587587
13721372 # Omit some internal or obsolete options to make the list less imposing.
13731373 # This message is too long to be a string in the A/UX 3.1 sh.
13741374 cat <<_ACEOF
1375 \`configure' configures realmd 0.16.0 to adapt to many kinds of systems.
1375 \`configure' configures realmd 0.16.1 to adapt to many kinds of systems.
13761376
13771377 Usage: $0 [OPTION]... [VAR=VALUE]...
13781378
14381438
14391439 if test -n "$ac_init_help"; then
14401440 case $ac_init_help in
1441 short | recursive ) echo "Configuration of realmd 0.16.0:";;
1441 short | recursive ) echo "Configuration of realmd 0.16.1:";;
14421442 esac
14431443 cat <<\_ACEOF
14441444
15651565 test -n "$ac_init_help" && exit $ac_status
15661566 if $ac_init_version; then
15671567 cat <<\_ACEOF
1568 realmd configure 0.16.0
1568 realmd configure 0.16.1
15691569 generated by GNU Autoconf 2.69
15701570
15711571 Copyright (C) 2012 Free Software Foundation, Inc.
19341934 This file contains any messages produced by compilers while
19351935 running configure, to aid debugging if configure makes a mistake.
19361936
1937 It was created by realmd $as_me 0.16.0, which was
1937 It was created by realmd $as_me 0.16.1, which was
19381938 generated by GNU Autoconf 2.69. Invocation command line was
19391939
19401940 $ $0 $@
28102810
28112811 # Define the identity of the package.
28122812 PACKAGE='realmd'
2813 VERSION='0.16.0'
2813 VERSION='0.16.1'
28142814
28152815
28162816 cat >>confdefs.h <<_ACEOF
74787478 pkg_cv_SYSTEMD_JOURNAL_CFLAGS="$SYSTEMD_JOURNAL_CFLAGS"
74797479 elif test -n "$PKG_CONFIG"; then
74807480 if test -n "$PKG_CONFIG" && \
7481 { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
7482 ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
7483 ac_status=$?
7484 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
7485 test $ac_status = 0; }; then
7486 pkg_cv_SYSTEMD_JOURNAL_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null`
7487 test "x$?" != "x0" && pkg_failed=yes
7488 else
7489 pkg_failed=yes
7490 fi
7491 else
7492 pkg_failed=untried
7493 fi
7494 if test -n "$SYSTEMD_JOURNAL_LIBS"; then
7495 pkg_cv_SYSTEMD_JOURNAL_LIBS="$SYSTEMD_JOURNAL_LIBS"
7496 elif test -n "$PKG_CONFIG"; then
7497 if test -n "$PKG_CONFIG" && \
7498 { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
7499 ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
7500 ac_status=$?
7501 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
7502 test $ac_status = 0; }; then
7503 pkg_cv_SYSTEMD_JOURNAL_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null`
7504 test "x$?" != "x0" && pkg_failed=yes
7505 else
7506 pkg_failed=yes
7507 fi
7508 else
7509 pkg_failed=untried
7510 fi
7511
7512
7513
7514 if test $pkg_failed = yes; then
7515 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7516 $as_echo "no" >&6; }
7517
7518 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
7519 _pkg_short_errors_supported=yes
7520 else
7521 _pkg_short_errors_supported=no
7522 fi
7523 if test $_pkg_short_errors_supported = yes; then
7524 SYSTEMD_JOURNAL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1`
7525 else
7526 SYSTEMD_JOURNAL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1`
7527 fi
7528 # Put the nasty error message in config.log where it belongs
7529 echo "$SYSTEMD_JOURNAL_PKG_ERRORS" >&5
7530
7531
7532 pkg_failed=no
7533 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_JOURNAL" >&5
7534 $as_echo_n "checking for SYSTEMD_JOURNAL... " >&6; }
7535
7536 if test -n "$SYSTEMD_JOURNAL_CFLAGS"; then
7537 pkg_cv_SYSTEMD_JOURNAL_CFLAGS="$SYSTEMD_JOURNAL_CFLAGS"
7538 elif test -n "$PKG_CONFIG"; then
7539 if test -n "$PKG_CONFIG" && \
74817540 { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-journal\""; } >&5
74827541 ($PKG_CONFIG --exists --print-errors "libsystemd-journal") 2>&5
74837542 ac_status=$?
75537612
75547613 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
75557614 See \`config.log' for more details" "$LINENO" 5; }
7615 else
7616 SYSTEMD_JOURNAL_CFLAGS=$pkg_cv_SYSTEMD_JOURNAL_CFLAGS
7617 SYSTEMD_JOURNAL_LIBS=$pkg_cv_SYSTEMD_JOURNAL_LIBS
7618 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7619 $as_echo "yes" >&6; }
7620
7621 fi
7622 elif test $pkg_failed = untried; then
7623 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7624 $as_echo "no" >&6; }
7625
7626 pkg_failed=no
7627 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_JOURNAL" >&5
7628 $as_echo_n "checking for SYSTEMD_JOURNAL... " >&6; }
7629
7630 if test -n "$SYSTEMD_JOURNAL_CFLAGS"; then
7631 pkg_cv_SYSTEMD_JOURNAL_CFLAGS="$SYSTEMD_JOURNAL_CFLAGS"
7632 elif test -n "$PKG_CONFIG"; then
7633 if test -n "$PKG_CONFIG" && \
7634 { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-journal\""; } >&5
7635 ($PKG_CONFIG --exists --print-errors "libsystemd-journal") 2>&5
7636 ac_status=$?
7637 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
7638 test $ac_status = 0; }; then
7639 pkg_cv_SYSTEMD_JOURNAL_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-journal" 2>/dev/null`
7640 test "x$?" != "x0" && pkg_failed=yes
7641 else
7642 pkg_failed=yes
7643 fi
7644 else
7645 pkg_failed=untried
7646 fi
7647 if test -n "$SYSTEMD_JOURNAL_LIBS"; then
7648 pkg_cv_SYSTEMD_JOURNAL_LIBS="$SYSTEMD_JOURNAL_LIBS"
7649 elif test -n "$PKG_CONFIG"; then
7650 if test -n "$PKG_CONFIG" && \
7651 { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-journal\""; } >&5
7652 ($PKG_CONFIG --exists --print-errors "libsystemd-journal") 2>&5
7653 ac_status=$?
7654 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
7655 test $ac_status = 0; }; then
7656 pkg_cv_SYSTEMD_JOURNAL_LIBS=`$PKG_CONFIG --libs "libsystemd-journal" 2>/dev/null`
7657 test "x$?" != "x0" && pkg_failed=yes
7658 else
7659 pkg_failed=yes
7660 fi
7661 else
7662 pkg_failed=untried
7663 fi
7664
7665
7666
7667 if test $pkg_failed = yes; then
7668 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7669 $as_echo "no" >&6; }
7670
7671 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
7672 _pkg_short_errors_supported=yes
7673 else
7674 _pkg_short_errors_supported=no
7675 fi
7676 if test $_pkg_short_errors_supported = yes; then
7677 SYSTEMD_JOURNAL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-journal" 2>&1`
7678 else
7679 SYSTEMD_JOURNAL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-journal" 2>&1`
7680 fi
7681 # Put the nasty error message in config.log where it belongs
7682 echo "$SYSTEMD_JOURNAL_PKG_ERRORS" >&5
7683
7684 as_fn_error $? "Package requirements (libsystemd-journal) were not met:
7685
7686 $SYSTEMD_JOURNAL_PKG_ERRORS
7687
7688 Consider adjusting the PKG_CONFIG_PATH environment variable if you
7689 installed software in a non-standard prefix.
7690
7691 Alternatively, you may set the environment variables SYSTEMD_JOURNAL_CFLAGS
7692 and SYSTEMD_JOURNAL_LIBS to avoid the need to call pkg-config.
7693 See the pkg-config man page for more details." "$LINENO" 5
7694 elif test $pkg_failed = untried; then
7695 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7696 $as_echo "no" >&6; }
7697 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
7698 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
7699 as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
7700 is in your PATH or set the PKG_CONFIG environment variable to the full
7701 path to pkg-config.
7702
7703 Alternatively, you may set the environment variables SYSTEMD_JOURNAL_CFLAGS
7704 and SYSTEMD_JOURNAL_LIBS to avoid the need to call pkg-config.
7705 See the pkg-config man page for more details.
7706
7707 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
7708 See \`config.log' for more details" "$LINENO" 5; }
7709 else
7710 SYSTEMD_JOURNAL_CFLAGS=$pkg_cv_SYSTEMD_JOURNAL_CFLAGS
7711 SYSTEMD_JOURNAL_LIBS=$pkg_cv_SYSTEMD_JOURNAL_LIBS
7712 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7713 $as_echo "yes" >&6; }
7714
7715 fi
75567716 else
75577717 SYSTEMD_JOURNAL_CFLAGS=$pkg_cv_SYSTEMD_JOURNAL_CFLAGS
75587718 SYSTEMD_JOURNAL_LIBS=$pkg_cv_SYSTEMD_JOURNAL_LIBS
88979057 # report actual input values of CONFIG_FILES etc. instead of their
88989058 # values after options handling.
88999059 ac_log="
8900 This file was extended by realmd $as_me 0.16.0, which was
9060 This file was extended by realmd $as_me 0.16.1, which was
89019061 generated by GNU Autoconf 2.69. Invocation command line was
89029062
89039063 CONFIG_FILES = $CONFIG_FILES
89639123 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
89649124 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
89659125 ac_cs_version="\\
8966 realmd config.status 0.16.0
9126 realmd config.status 0.16.1
89679127 configured by $0, generated by GNU Autoconf 2.69,
89689128 with options \\"\$ac_cs_config\\"
89699129
+3
-2
configure.ac less more
00 AC_PREREQ(2.63)
11
2 AC_INIT([realmd], [0.16.0],
2 AC_INIT([realmd], [0.16.1],
33 [http://bugs.freedesktop.org/enter_bug.cgi?product=realmd],
44 [realmd])
55
117117
118118 if test "$with_systemd_journal" != "no"; then
119119 AC_DEFINE_UNQUOTED(WITH_JOURNAL, 1, [Use systemd's journal])
120 PKG_CHECK_MODULES(SYSTEMD_JOURNAL, libsystemd-journal)
120 PKG_CHECK_MODULES(SYSTEMD_JOURNAL, [libsystemd],,
121 [PKG_CHECK_MODULES(SYSTEMD_JOURNAL, [libsystemd-journal])])
121122 with_systemd_journal="yes"
122123 fi
123124
+4
-0
dbus/org.freedesktop.realmd.xml less more
617617
618618 @options can contain, but is not limited to, the following values:
619619 <itemizedlist>
620 <listitem><para><literal>automatic-id-mapping</literal>: a boolean
621 value whether to turn on automatic UID/GID mapping. If not
622 specified the default will come from realmd.conf
623 configuration.</para></listitem>
620624 <listitem><para><literal>operation</literal>: a string
621625 identifier chosen by the client, which can then later be
622626 passed to org.freedesktop.realmd.Service.Cancel() in order
+1
-0
dbus/realm-dbus-constants.h less more
5959
6060 #define REALM_DBUS_OPTION_OPERATION "operation"
6161 #define REALM_DBUS_OPTION_COMPUTER_OU "computer-ou"
62 #define REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING "automatic-id-mapping"
6263 #define REALM_DBUS_OPTION_SERVER_SOFTWARE "server-software"
6364 #define REALM_DBUS_OPTION_CLIENT_SOFTWARE "client-software"
6465 #define REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE "membership-software"
+6
-0
doc/manual/realm.xml less more
180180
181181 <variablelist>
182182 <varlistentry>
183 <term><option>--automatic-id-mapping=no</option></term>
184 <listitem><para>Do not perform UID/GID mapping for users
185 and groups, but expect these identifiers to be present
186 in the domain already.</para></listitem>
187 </varlistentry>
188 <varlistentry>
183189 <term><option>--user=xxx</option></term>
184190 <listitem><para>The user name to be used to authenticate
185191 with when joining the machine to the realm. You will
+7
-6
doc/manual/realmd.conf.xml less more
207207 <informalexample>
208208 <programlisting language="js">
209209 [users]
210 default-home = /home/%D/%U
210 default-home = /home/%U@%D
211211 # default-home = /nfs/home/%D-%U
212
213 </programlisting>
214 </informalexample>
215
216 <para>The default setting for this is <option>/home/%D/%U</option>. The
212 # default-home = /home/%D/%U
213
214 </programlisting>
215 </informalexample>
216
217 <para>The default setting for this is <option>/home/%U@%D</option>. The
217218 <option>%D</option> format is replaced by the domain name. The <option>%U</option>
218219 format is replaced by the user name.</para>
219220
+1
-1
doc/version.xml less more
0 0.16.0
0 0.16.1
+1
-1
manual/gdbus-org.freedesktop.realmd.Kerberos.html less more
3535 <td valign="top" align="right"></td>
3636 </tr></table></div>
3737 <div class="refsect1">
38 <a name="idm47306145031520"></a><h2>Properties</h2>
38 <a name="idm47297892231984"></a><h2>Properties</h2>
3939 <pre class="synopsis">
4040 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.RealmName">RealmName</GTKDOCLINK> readable s
4141 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.DomainName">DomainName</GTKDOCLINK> readable s
+5
-1
manual/gdbus-org.freedesktop.realmd.KerberosMembership.html less more
4545 </pre>
4646 </div>
4747 <div class="refsect1">
48 <a name="idm47306145416096"></a><h2>Properties</h2>
48 <a name="idm47297889943312"></a><h2>Properties</h2>
4949 <pre class="synopsis">
5050 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SuggestedAdministrator">SuggestedAdministrator</GTKDOCLINK> readable s
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SupportedJoinCredentials">SupportedJoinCredentials</GTKDOCLINK> readable a(ss)
9090 <p> <em class="parameter"><code>options</code></em> can contain, but is not limited to, the following values:
9191 </p>
9292 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
93 <li class="listitem"><p><code class="literal">automatic-id-mapping</code>: a boolean
94 value whether to turn on automatic UID/GID mapping. If not
95 specified the default will come from realmd.conf
96 configuration.</p></li>
9397 <li class="listitem"><p><code class="literal">operation</code>: a string
9498 identifier chosen by the client, which can then later be
9599 passed to <GTKDOCLINK HREF="gdbus-method-org-freedesktop-realmd-Service.Cancel">Cancel()</GTKDOCLINK> in order
+1
-1
manual/gdbus-org.freedesktop.realmd.Provider.html less more
4545 </pre>
4646 </div>
4747 <div class="refsect1">
48 <a name="idm47306147959632"></a><h2>Properties</h2>
48 <a name="idm47297895308560"></a><h2>Properties</h2>
4949 <pre class="synopsis">
5050 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Name">Name</GTKDOCLINK> readable s
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Version">Version</GTKDOCLINK> readable s
+1
-1
manual/gdbus-org.freedesktop.realmd.Realm.html less more
4646 </pre>
4747 </div>
4848 <div class="refsect1">
49 <a name="idm47306146136944"></a><h2>Properties</h2>
49 <a name="idm47297891890320"></a><h2>Properties</h2>
5050 <pre class="synopsis">
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Name">Name</GTKDOCLINK> readable s
5252 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Configured">Configured</GTKDOCLINK> readable s
+1
-1
manual/gdbus-org.freedesktop.realmd.Service.html less more
4444 </pre>
4545 </div>
4646 <div class="refsect1">
47 <a name="idm47306146616848"></a><h2>Signals</h2>
47 <a name="idm47297890480336"></a><h2>Signals</h2>
4848 <pre class="synopsis">
4949 <GTKDOCLINK HREF="gdbus-signal-org-freedesktop-realmd-Service.Diagnostics">Diagnostics</GTKDOCLINK> (s data,
5050 s operation);
+2
-2
manual/guide-active-directory-client.html less more
3131 By default SSSD is used.</p>
3232 <div class="section">
3333 <div class="titlepage"><div><div><h3 class="title">
34 <a name="idm47306144011552"></a>Using SSSD with Active Directory</h3></div></div></div>
34 <a name="idm47297896462208"></a>Using SSSD with Active Directory</h3></div></div></div>
3535 <p><a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>
3636 provides client software for various kerberos and/or LDAP
3737 directories. Since version 1.9.x it provides good support
4949 </div>
5050 <div class="section">
5151 <div class="titlepage"><div><div><h3 class="title">
52 <a name="idm47306141455584"></a>Using Winbind with Active Directory</h3></div></div></div>
52 <a name="idm47297889828816"></a>Using Winbind with Active Directory</h3></div></div></div>
5353 <p>Samba
5454 <a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>
5555 provides client software for use with Active Directory.</p>
+2
-2
manual/guide-active-directory.html less more
2424 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
2525 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
2626 <dd><dl>
27 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306144011552">Using SSSD with Active Directory</a></span></dt>
28 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306141455584">Using Winbind with Active Directory</a></span></dt>
27 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297896462208">Using SSSD with Active Directory</a></span></dt>
28 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297889828816">Using Winbind with Active Directory</a></span></dt>
2929 </dl></dd>
3030 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
3131 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
+2
-2
manual/guide-ipa.html less more
2121 <div class="titlepage"><div><div><h2 class="title">
2222 <a name="guide-ipa"></a>Using with IPA</h2></div></div></div>
2323 <div class="toc"><dl class="toc">
24 <dt><span class="section"><a href="guide-ipa.html#idm47306144588960">Discovering IPA domains</a></span></dt>
24 <dt><span class="section"><a href="guide-ipa.html#idm47297889722256">Discovering IPA domains</a></span></dt>
2525 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
2626 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
2727 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
3232 credentials.</p>
3333 <div class="section">
3434 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
35 <a name="idm47306144588960"></a>Discovering IPA domains</h2></div></div></div>
35 <a name="idm47297889722256"></a>Discovering IPA domains</h2></div></div></div>
3636 <p><span class="command"><strong>realmd</strong></span> discovers which domains or
3737 realms it can use or configure. It can discover and identify
3838 IPA domains by looking up the appropriate DNS SRV
+2
-2
manual/guide-kerberos.html less more
2020 <div class="chapter">
2121 <div class="titlepage"><div><div><h2 class="title">
2222 <a name="guide-kerberos"></a>Using with other Kerberos realms</h2></div></div></div>
23 <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm47306140783248">Discovering Kerberos realms</a></span></dt></dl></div>
23 <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm47297892183456">Discovering Kerberos realms</a></span></dt></dl></div>
2424 <p><span class="command"><strong>realmd</strong></span> can discover generic Kerberos realms.
2525 Since there is no standard way to enroll a computer against a Kerberos
2626 server, it is not possible to do this with <span class="command"><strong>realmd</strong></span>.</p>
2727 <div class="section">
2828 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
29 <a name="idm47306140783248"></a>Discovering Kerberos realms</h2></div></div></div>
29 <a name="idm47297892183456"></a>Discovering Kerberos realms</h2></div></div></div>
3030 <p><span class="command"><strong>realmd</strong></span> discovers which domains or
3131 realms it can use or configure. It can discover and identify
3232 Kerberos domains by looking up the appropriate DNS SRV
+4
-4
manual/guide.html less more
3737 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
3838 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
3939 <dd><dl>
40 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306144011552">Using SSSD with Active Directory</a></span></dt>
41 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306141455584">Using Winbind with Active Directory</a></span></dt>
40 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297896462208">Using SSSD with Active Directory</a></span></dt>
41 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297889828816">Using Winbind with Active Directory</a></span></dt>
4242 </dl></dd>
4343 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
4444 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
4545 </dl></dd>
4646 <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt>
4747 <dd><dl>
48 <dt><span class="section"><a href="guide-ipa.html#idm47306144588960">Discovering IPA domains</a></span></dt>
48 <dt><span class="section"><a href="guide-ipa.html#idm47297889722256">Discovering IPA domains</a></span></dt>
4949 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
5050 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
5151 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
5252 </dl></dd>
5353 <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt>
54 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm47306140783248">Discovering Kerberos realms</a></span></dt></dl></dd>
54 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm47297892183456">Discovering Kerberos realms</a></span></dt></dl></dd>
5555 <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
5656 </dl>
5757 </div>
+5
-5
manual/index.html less more
1212 <div class="titlepage">
1313 <div>
1414 <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">realmd</p></th></tr></table></div>
15 <div><p class="releaseinfo">for 0.15.2
15 <div><p class="releaseinfo">for 0.16.1
1616 </p></div>
1717 </div>
1818 <hr>
3434 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
3535 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
3636 <dd><dl>
37 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306144011552">Using SSSD with Active Directory</a></span></dt>
38 <dt><span class="section"><a href="guide-active-directory-client.html#idm47306141455584">Using Winbind with Active Directory</a></span></dt>
37 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297896462208">Using SSSD with Active Directory</a></span></dt>
38 <dt><span class="section"><a href="guide-active-directory-client.html#idm47297889828816">Using Winbind with Active Directory</a></span></dt>
3939 </dl></dd>
4040 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
4141 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
4242 </dl></dd>
4343 <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt>
4444 <dd><dl>
45 <dt><span class="section"><a href="guide-ipa.html#idm47306144588960">Discovering IPA domains</a></span></dt>
45 <dt><span class="section"><a href="guide-ipa.html#idm47297889722256">Discovering IPA domains</a></span></dt>
4646 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
4747 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
4848 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
4949 </dl></dd>
5050 <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt>
51 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm47306140783248">Discovering Kerberos realms</a></span></dt></dl></dd>
51 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm47297892183456">Discovering Kerberos realms</a></span></dt></dl></dd>
5252 <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
5353 </dl></dd>
5454 <dt><span class="part"><a href="development.html">II. Developer Reference</a></span></dt>
+13
-7
manual/realm.html less more
3636 <div class="cmdsynopsis"><p><code class="command">realm deny</code> -a [-R realm]</p></div>
3737 </div>
3838 <div class="refsect1">
39 <a name="idm47306143342256"></a><h2>Description</h2>
39 <a name="idm47297891142432"></a><h2>Description</h2>
4040 <p><span class="command"><strong>realm</strong></span> is a command line tool that
4141 can be used to manage enrollment in kerberos realms, like Active
4242 Directory domains or IPA domains.</p>
7070 </table></div>
7171 </div>
7272 <div class="refsect1">
73 <a name="idm47306143334416"></a><h2>Discover</h2>
73 <a name="idm47297891134592"></a><h2>Discover</h2>
7474 <p>Discover a realm and its capabilities.</p>
7575 <div class="informalexample">
7676 <pre class="programlisting">
121121 </table></div>
122122 </div>
123123 <div class="refsect1">
124 <a name="idm47306143320240"></a><h2>Join</h2>
124 <a name="idm47297891120416"></a><h2>Join</h2>
125125 <p>Configure the local machine for use with a realm.</p>
126126 <div class="informalexample">
127127 <pre class="programlisting">
162162 </colgroup>
163163 <tbody>
164164 <tr>
165 <td><p><span class="term"><code class="option">--automatic-id-mapping=no</code></span></p></td>
166 <td><p>Do not perform UID/GID mapping for users
167 and groups, but expect these identifiers to be present
168 in the domain already.</p></td>
169 </tr>
170 <tr>
165171 <td><p><span class="term"><code class="option">--user=xxx</code></span></p></td>
166172 <td><p>The user name to be used to authenticate
167173 with when joining the machine to the realm. You will
222228 </table></div>
223229 </div>
224230 <div class="refsect1">
225 <a name="idm47306143289264"></a><h2>Leave</h2>
231 <a name="idm47297888766064"></a><h2>Leave</h2>
226232 <p>Deconfigure the local machine for use with a realm.</p>
227233 <div class="informalexample">
228234 <pre class="programlisting">
271277 </table></div>
272278 </div>
273279 <div class="refsect1">
274 <a name="idm47306143275600"></a><h2>List</h2>
280 <a name="idm47297888753968"></a><h2>List</h2>
275281 <p>List all the discovered and configured realms.</p>
276282 <div class="informalexample"><pre class="programlisting">
277283 $ realm list
301307 </table></div>
302308 </div>
303309 <div class="refsect1">
304 <a name="idm47306143267872"></a><h2>Permit</h2>
310 <a name="idm47297888747088"></a><h2>Permit</h2>
305311 <p>Permit local login by users of the realm.</p>
306312 <div class="informalexample"><pre class="programlisting">
307313 $ realm permit --all
345351 </table></div>
346352 </div>
347353 <div class="refsect1">
348 <a name="idm47306143256464"></a><h2>Deny</h2>
354 <a name="idm47297888736880"></a><h2>Deny</h2>
349355 <p>Deny local login by realm accounts.</p>
350356 <div class="informalexample"><pre class="programlisting">
351357 $ realm deny --all
+7
-6
manual/realmd-conf.html less more
2727 <td valign="top" align="right"></td>
2828 </tr></table></div>
2929 <div class="refsect1">
30 <a name="idm47306142918832"></a><h2>Configuration File</h2>
30 <a name="idm47297889063200"></a><h2>Configuration File</h2>
3131 <p><span class="command"><strong>realmd</strong></span> can be tweaked by network administrators
3232 to act in specific ways. This is done by placing settings in a
3333 <code class="filename">/etc/realmd.conf</code>. This file does not exist by
181181 that have no home directory explicitly set.</p>
182182 <div class="informalexample"><pre class="programlisting">
183183 [users]
184 default-home = /home/%D/%U
184 default-home = /home/%U@%D
185185 # default-home = /nfs/home/%D-%U
186
187 </pre></div>
188 <p>The default setting for this is <code class="option">/home/%D/%U</code>. The
186 # default-home = /home/%D/%U
187
188 </pre></div>
189 <p>The default setting for this is <code class="option">/home/%U@%D</code>. The
189190 <code class="option">%D</code> format is replaced by the domain name. The <code class="option">%U</code>
190191 format is replaced by the user name.</p>
191192 <p>You can verify the home directory for a user by running the
229230 </table></div>
230231 </div>
231232 <div class="refsect1">
232 <a name="idm47306140429536"></a><h2>Realm specific settings</h2>
233 <a name="idm47297893509472"></a><h2>Realm specific settings</h2>
233234 <p>These options should go in an section with the same name
234235 as the realm in the <code class="filename">/etc/realmd.conf</code> file.
235236 For example for the <code class="option">domain.example.com</code> domain
+13
-5
service/realm-options.c less more
8282 }
8383
8484 gboolean
85 realm_options_automatic_mapping (const gchar *realm_name)
85 realm_options_automatic_mapping (GVariant *options,
86 const gchar *realm_name)
8687 {
88 gboolean mapping = FALSE;
89 gboolean option = FALSE;
8790 gchar *section;
88 gboolean mapping;
8991
90 section = g_utf8_casefold (realm_name, -1);
91 mapping = realm_settings_boolean (realm_name, "automatic-id-mapping", TRUE);
92 g_free (section);
92 if (options) {
93 option = g_variant_lookup (options, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, "b", &mapping);
94 }
95
96 if (realm_name && !option) {
97 section = g_utf8_casefold (realm_name, -1);
98 mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
99 g_free (section);
100 }
93101
94102 return mapping;
95103 }
+2
-1
service/realm-options.h less more
3333 const gchar * realm_options_user_principal (GVariant *options,
3434 const gchar *realm_name);
3535
36 gboolean realm_options_automatic_mapping (const gchar *realm_name);
36 gboolean realm_options_automatic_mapping (GVariant *options,
37 const gchar *realm_name);
3738
3839 gboolean realm_options_qualify_names (const gchar *realm_name);
3940
+2
-1
service/realm-samba-winbind.c less more
7171 void
7272 realm_samba_winbind_configure_async (RealmIniConfig *config,
7373 const gchar *domain_name,
74 GVariant *options,
7475 GDBusMethodInvocation *invocation,
7576 GAsyncReadyCallback callback,
7677 gpointer user_data)
9899 "template shell", realm_settings_string ("users", "default-shell"),
99100 NULL);
100101
101 if (realm_options_automatic_mapping (domain_name)) {
102 if (realm_options_automatic_mapping (options, domain_name)) {
102103 realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
103104 "idmap uid", "10000-2000000",
104105 "idmap gid", "10000-2000000",
+1
-0
service/realm-samba-winbind.h less more
2222
2323 void realm_samba_winbind_configure_async (RealmIniConfig *config,
2424 const gchar *domain_name,
25 GVariant *options,
2526 GDBusMethodInvocation *invocation,
2627 GAsyncReadyCallback callback,
2728 gpointer user_data);
+1
-1
service/realm-samba.c less more
199199
200200 if (error == NULL) {
201201 name = realm_kerberos_get_name (REALM_KERBEROS (self));
202 realm_samba_winbind_configure_async (self->config, name,
202 realm_samba_winbind_configure_async (self->config, name, enroll->options,
203203 enroll->invocation,
204204 on_winbind_done, g_object_ref (task));
205205 } else {
+1
-1
service/realm-sssd-ad.c less more
193193 "ad_domain", disco->domain_name,
194194 "krb5_realm", disco->kerberos_realm,
195195 "krb5_store_password_if_offline", "True",
196 "ldap_id_mapping", realm_options_automatic_mapping (disco->domain_name) ? "True" : "False",
196 "ldap_id_mapping", realm_options_automatic_mapping (options, disco->domain_name) ? "True" : "False",
197197 "realmd_tags", realmd_tags->str,
198198
199199 "fallback_homedir", home,
+1
-1
service/realmd-defaults.conf less more
3333
3434 [users]
3535 default-shell = /bin/bash
36 default-home = /home/%D/%U
36 default-home = /home/%U@%D
3737
3838 [example.com]
3939 example-administrator = Administrator
+1
-1
service/realmd-redhat.conf less more
22 smb.conf = /etc/samba/smb.conf
33
44 [samba-packages]
5 samba-common = /usr/bin/net
5 samba-common-tools = /usr/bin/net
66
77 [winbind-packages]
88 samba-winbind = /usr/sbin/winbindd
+1
-1
tests/files/realmd-defaults.conf less more
11 # Required for sssd config tests
22 [users]
33 default-shell = /bin/bash
4 default-home = /home/%D/%U
4 default-home = /home/%U@%D
+36
-7
tools/realm-join.c less more
173173 gboolean no_password;
174174 gchar *one_time_password;
175175 gchar *user_principal;
176 gboolean automatic_id_mapping_set;
177 gboolean automatic_id_mapping;
176178 } RealmJoinArgs;
179
180 static void
181 realm_join_args_clear (gpointer data)
182 {
183 RealmJoinArgs *args = data;
184 g_free (args->user);
185 g_free (args->computer_ou);
186 g_free (args->client_software);
187 g_free (args->server_software);
188 g_free (args->user_principal);
189 }
190
191 static gboolean
192 realm_join_arg_id_mapping (const gchar *option_name,
193 const gchar *value,
194 gpointer data,
195 GError **error)
196 {
197 RealmJoinArgs *args = data;
198 args->automatic_id_mapping_set = TRUE;
199 return realm_parse_boolean (option_name, value, TRUE, &args->automatic_id_mapping, error);
200 }
177201
178202 static int
179203 perform_join (RealmClient *client,
212236 return 1;
213237 }
214238
239 g_printerr ("id mapping %d %d\n", args->automatic_id_mapping_set, args->automatic_id_mapping);
215240 options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou,
216241 REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software,
217242 REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal,
243 args->automatic_id_mapping_set ?
244 REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING : NULL,
245 args->automatic_id_mapping,
218246 NULL);
219247 g_variant_ref_sink (options);
220248
247275 GError *error = NULL;
248276 const gchar *realm_name;
249277 RealmJoinArgs args;
278 GOptionGroup *group;
250279 gint ret = 0;
251280
252281 GOptionEntry option_entries[] = {
264293 N_("Join automatically without a password"), NULL },
265294 { "one-time-password", 0, 0, G_OPTION_ARG_STRING, &args.one_time_password,
266295 N_("Join using a preset one time password"), NULL },
296 { "automatic-id-mapping", 0, G_OPTION_FLAG_OPTIONAL_ARG, G_OPTION_ARG_CALLBACK,
297 realm_join_arg_id_mapping, N_("Turn off automatic id mapping"), "no" },
267298 { "user-principal", 0, 0, G_OPTION_ARG_STRING, &args.user_principal,
268299 N_("Set the user principal for the computer account"), NULL },
269300 { NULL, }
273304
274305 context = g_option_context_new ("realm");
275306 g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
276 g_option_context_add_main_entries (context, option_entries, NULL);
277 g_option_context_add_main_entries (context, realm_global_options, NULL);
307
308 group = g_option_group_new (NULL, NULL, NULL, &args, realm_join_args_clear);
309 g_option_group_add_entries (group, option_entries);
310 g_option_group_add_entries (group, realm_global_options);
311 g_option_context_set_main_group (context, group);
278312
279313 if (!g_option_context_parse (context, &argc, &argv, &error)) {
280314 g_printerr ("%s: %s\n", g_get_prgname (), error->message);
300334 ret = perform_join (client, realm_name, &args);
301335 }
302336
303 g_free (args.user);
304 g_free (args.computer_ou);
305 g_free (args.client_software);
306 g_free (args.server_software);
307 g_free (args.user_principal);
308337 g_option_context_free (context);
309338 return ret;
310339 }
+28
-2
tools/realm.c less more
8282
8383 #ifdef WITH_JOURNAL
8484 remote = error ? g_dbus_error_get_remote_error (error) : NULL;
85 if (diag_hint && realm_operation_id && !realm_verbose &&
85 if (error && diag_hint && realm_operation_id && !realm_verbose &&
8686 g_strcmp0 (remote, REALM_DBUS_ERROR_NOT_AUTHORIZED) != 0) {
8787 g_printerr ("See: journalctl REALMD_OPERATION=%s\n",
8888 realm_operation_id);
128128 opts = g_ptr_array_new ();
129129 while (first != NULL) {
130130 option = NULL;
131 if (g_str_equal (first, "groups")) {
131 if (g_str_equal (first, "groups") ||
132 g_str_equal (first, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING)) {
132133 bvalue = va_arg (va, gboolean);
133134 option = g_variant_new ("{sv}", first, g_variant_new_boolean (bvalue));
134135 } else {
157158 g_ptr_array_free (opts, TRUE);
158159
159160 return options;
161 }
162
163 gboolean
164 realm_parse_boolean (const gchar *option,
165 const gchar *value,
166 gboolean defalt,
167 gboolean *result,
168 GError **error)
169 {
170 if (!value || g_str_equal (value, "")) {
171 *result = defalt;
172 return TRUE;
173 } else if (g_ascii_strcasecmp (value, "yes") == 0 ||
174 g_ascii_strcasecmp (value, "true") == 0) {
175 *result = TRUE;
176 return TRUE;
177 } else if (g_ascii_strcasecmp (value, "no") == 0 ||
178 g_ascii_strcasecmp (value, "false") == 0) {
179 *result = FALSE;
180 return TRUE;
181 } else {
182 g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_BAD_VALUE,
183 _("Invalid value for %s option: %s"), option, value);
184 return FALSE;
185 }
160186 }
161187
162188 gboolean
+6
-0
tools/realm.h less more
6666 const gchar *format,
6767 ...) G_GNUC_PRINTF (2, 3);
6868
69 gboolean realm_parse_boolean (const gchar *option,
70 const gchar *value,
71 gboolean defalt,
72 gboolean *result,
73 GError **error);
74
6975 GVariant * realm_kinit_to_kerberos_cache (const gchar *name,
7076 const gchar *realm,
7177 const gchar *password,