Imported Upstream version 0.14.5
Laurent Bigonville
10 years ago
0 | 0 | # Generate automatically. Do not edit. |
1 | ||
2 | commit 9a6a85bfd37e6be03ae06bf30cae08e849a675ec | |
3 | Author: Stef Walter <stefw@redhat.com> | |
4 | Date: 2013-08-15 | |
5 | ||
6 | Release version 0.14.5 | |
7 | ||
8 | NEWS | 5 +++++ | |
9 | configure.ac | 2 +- | |
10 | 2 files changed, 6 insertions(+), 1 deletion(-) | |
11 | ||
12 | commit 66b07a84f68ce1f363d5d51577b1d2cdb30ee98d | |
13 | Author: Stef Walter <stefw@redhat.com> | |
14 | Date: 2013-08-14 | |
15 | ||
16 | Fix reverse ordered output for join failure messages | |
17 | ||
18 | https://bugs.freedesktop.org/show_bug.cgi?id=68112 | |
19 | ||
20 | tools/realm-join.c | 12 +++++------- | |
21 | 1 file changed, 5 insertions(+), 7 deletions(-) | |
22 | ||
23 | commit 4bc34c20349b4089ad26e4a01a31a82a433ba13e | |
24 | Author: Stef Walter <stefw@redhat.com> | |
25 | Date: 2013-08-14 | |
26 | ||
27 | Fix regression caused by --unattended | |
28 | ||
29 | * The short form -U conflicted with --user, so just drop the short form. | |
30 | * Add documentation for --unattended | |
31 | ||
32 | https://bugs.freedesktop.org/show_bug.cgi?id=68112 | |
33 | ||
34 | doc/manual/realm.xml | 5 +++++ | |
35 | tools/realm.c | 2 +- | |
36 | 2 files changed, 6 insertions(+), 1 deletion(-) | |
37 | ||
38 | commit 1c2c8d904671247afcde8f3c302d48a314970f8c | |
39 | Author: Stef Walter <stefw@redhat.com> | |
40 | Date: 2013-08-14 | |
41 | ||
42 | Pass discovered server address to adcli | |
43 | ||
44 | So that adcli doesn't have to do a full discovery, but can just | |
45 | contact that server. | |
46 | ||
47 | https://bugs.freedesktop.org/show_bug.cgi?id=68111 | |
48 | ||
49 | service/realm-adcli-enroll.c | 26 ++++++++++++++++++++++++-- | |
50 | service/realm-disco-mscldap.c | 4 ++++ | |
51 | service/realm-disco-rootdse.c | 9 ++++----- | |
52 | service/realm-disco.c | 2 ++ | |
53 | service/realm-disco.h | 2 ++ | |
54 | 5 files changed, 36 insertions(+), 7 deletions(-) | |
55 | ||
56 | commit ac98d162c0cd2e9bd43469505a2f6a07cc773f73 | |
57 | Author: Stef Walter <stefw@redhat.com> | |
58 | Date: 2013-08-08 | |
59 | ||
60 | Add clarification about when realmd.conf settings take effect | |
61 | ||
62 | doc/manual/realmd.conf.xml | 7 +++++++ | |
63 | 1 file changed, 7 insertions(+) | |
64 | ||
65 | commit 45e06262b861d7e27f4191f74bca8ecd0f2de689 | |
66 | Author: Stef Walter <stefw@redhat.com> | |
67 | Date: 2013-08-07 | |
68 | ||
69 | Release version 0.14.4 | |
70 | ||
71 | NEWS | 6 ++++++ | |
72 | configure.ac | 2 +- | |
73 | 2 files changed, 7 insertions(+), 1 deletion(-) | |
74 | ||
75 | commit 8b83dd8f7b54456e02494d9391d2a1d44c7a32dd | |
76 | Author: Stef Walter <stefw@redhat.com> | |
77 | Date: 2013-07-25 | |
78 | ||
79 | Fix up the [sssd] section in sssd.conf if it's screwed up | |
80 | ||
81 | https://bugzilla.redhat.com/show_bug.cgi?id=987491 | |
82 | ||
83 | service/realm-ini-config.c | 23 +++++++++++++++++++++++ | |
84 | service/realm-ini-config.h | 4 ++++ | |
85 | service/realm-sssd-config.c | 10 ++++------ | |
86 | tests/test-ini-config.c | 14 ++++++++++++++ | |
87 | tests/test-sssd-config.c | 4 ++-- | |
88 | 5 files changed, 47 insertions(+), 8 deletions(-) | |
89 | ||
90 | commit 206a320c10b2efb0b9db3856f7ba3453ffe7ec2a | |
91 | Author: Stef Walter <stefw@redhat.com> | |
92 | Date: 2013-07-24 | |
93 | ||
94 | tools: Add an --unattended argument to realm command line client | |
95 | ||
96 | This prevents prompting for passwords using getpass(). Unattended mode | |
97 | still allows piping in a password via stdin. | |
98 | ||
99 | https://bugzilla.redhat.com/show_bug.cgi?id=976593 | |
100 | ||
101 | tools/realm-client.c | 11 ++++++++++- | |
102 | tools/realm.c | 2 ++ | |
103 | tools/realm.h | 2 ++ | |
104 | 3 files changed, 14 insertions(+), 1 deletion(-) | |
105 | ||
106 | commit daa0b25dc0189a1127513dd86e16250bc9731449 | |
107 | Author: Stef Walter <stefw@redhat.com> | |
108 | Date: 2013-07-24 | |
109 | ||
110 | Clearer 'realm permit' manual page example | |
111 | ||
112 | Also remove duplicated information. | |
113 | ||
114 | https://bugzilla.redhat.com/show_bug.cgi?id=985800 | |
115 | ||
116 | doc/manual/realm.xml | 13 ++++--------- | |
117 | 1 file changed, 4 insertions(+), 9 deletions(-) | |
118 | ||
119 | commit 6e160efd8921a637334cf4b97c9cbd67ceb6a353 | |
120 | Author: Stef Walter <stefw@redhat.com> | |
121 | Date: 2013-07-22 | |
122 | ||
123 | Fix some documentation typos | |
124 | ||
125 | doc/manual/realmd.conf.xml | 3 ++- | |
126 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
127 | ||
128 | commit 6011b5d20a9d58c1bcc7f3af85417e3fad527e00 | |
129 | Author: Stef Walter <stefw@redhat.com> | |
130 | Date: 2013-07-22 | |
131 | ||
132 | Release version 0.14.3 | |
133 | ||
134 | NEWS | 14 ++++++++++++++ | |
135 | configure.ac | 2 +- | |
136 | 2 files changed, 15 insertions(+), 1 deletion(-) | |
137 | ||
138 | commit 51cb0bc599e5b6bd72c0bd93f3f0f7156174c21d | |
139 | Author: Stef Walter <stefw@redhat.com> | |
140 | Date: 2013-07-22 | |
141 | ||
142 | Fix testing regressions | |
143 | ||
144 | tests/test-sssd-config.c | 6 +++--- | |
145 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
146 | ||
147 | commit 29e9976750f4e6b7d71f8f09acf7a428364ab986 | |
148 | Author: Stef Walter <stefw@redhat.com> | |
149 | Date: 2013-07-22 | |
150 | ||
151 | Respect use_fully_qualified_names to populate LoginFormats | |
152 | ||
153 | https://bugzilla.redhat.com/show_bug.cgi?id=967011 | |
154 | ||
155 | service/realm-ini-config.c | 40 ++++++++++++++++++++++++++++++++++++++++ | |
156 | service/realm-ini-config.h | 6 ++++++ | |
157 | service/realm-sssd-config.c | 2 +- | |
158 | service/realm-sssd.c | 10 ++++++++++ | |
159 | tests/test-ini-config.c | 39 +++++++++++++++++++++++++++++++++++++++ | |
160 | 5 files changed, 96 insertions(+), 1 deletion(-) | |
161 | ||
162 | commit 35e4169741071e6a3f214c6998e758aa80275636 | |
163 | Author: Stef Walter <stefw@redhat.com> | |
164 | Date: 2013-07-22 | |
165 | ||
166 | Clarification about how login policy is controlled by manage-system | |
167 | ||
168 | https://bugzilla.redhat.com/show_bug.cgi?id=985773 | |
169 | ||
170 | doc/manual/realmd.conf.xml | 5 +++++ | |
171 | 1 file changed, 5 insertions(+) | |
172 | ||
173 | commit e588faf25dc93d9d5da777d78837c5114effc2d1 | |
174 | Author: Stef Walter <stefw@redhat.com> | |
175 | Date: 2013-07-22 | |
176 | ||
177 | Add some clarification on Active Directory specific options | |
178 | ||
179 | https://bugzilla.redhat.com/show_bug.cgi?id=967565 | |
180 | ||
181 | doc/manual/realm.xml | 7 +++++-- | |
182 | doc/manual/realmd.conf.xml | 14 ++++++++++++-- | |
183 | 2 files changed, 17 insertions(+), 4 deletions(-) | |
184 | ||
185 | commit ebd04682b1993120e71ae626049cdf8efa0e52a2 | |
186 | Author: Stef Walter <stefw@redhat.com> | |
187 | Date: 2013-07-22 | |
188 | ||
189 | Set sssd.conf default_shell per domain | |
190 | ||
191 | This allows for much more predictable configuration, when an admin | |
192 | has set the global option. | |
193 | ||
194 | https://bugzilla.redhat.com/show_bug.cgi?id=967569 | |
195 | ||
196 | service/realm-sssd-ad.c | 3 +++ | |
197 | service/realm-sssd-config.c | 9 --------- | |
198 | service/realm-sssd-ipa.c | 3 +++ | |
199 | 3 files changed, 6 insertions(+), 9 deletions(-) | |
200 | ||
201 | commit a2099259dd752bb0fd33c0239b7ee3520dda54d5 | |
202 | Author: Stef Walter <stefw@redhat.com> | |
203 | Date: 2013-07-22 | |
204 | ||
205 | Notify in terminal output when installing packages | |
206 | ||
207 | Various people have been worried by installing packages | |
208 | quietly, so notify about what's going on. | |
209 | ||
210 | In reality *configuring* and *starting* a daemon is far | |
211 | more worrisome than the installation. It's realmd's job | |
212 | to configure, enable and start stuff. So if you're properly | |
213 | worried, remove realmd and do stuff manually. | |
214 | ||
215 | https://bugzilla.redhat.com/show_bug.cgi?id=984960 | |
216 | ||
217 | service/realm-packages.c | 8 ++++++-- | |
218 | tools/realm-client.c | 29 ++++++++++++++++++++--------- | |
219 | 2 files changed, 26 insertions(+), 11 deletions(-) | |
220 | ||
221 | commit f215dd461ff8982c7a2097ec57a71540359ac769 | |
222 | Author: Stef Walter <stefw@redhat.com> | |
223 | Date: 2013-05-27 | |
224 | ||
225 | If joined via adcli, delete computer account with adcli as well | |
226 | ||
227 | https://bugs.freedesktop.org/show_bug.cgi?id=65032 | |
228 | ||
229 | service/realm-adcli-enroll.c | 75 ++++++++++++++++++++++++++++++++++++++++++++ | |
230 | service/realm-adcli-enroll.h | 10 ++++++ | |
231 | service/realm-kerberos.c | 23 ++++++++++++-- | |
232 | service/realm-kerberos.h | 4 +++ | |
233 | service/realm-sssd-ad.c | 61 ++++++++++++++++++++++++++++++----- | |
234 | service/realm-sssd.c | 26 +++++++++++---- | |
235 | 6 files changed, 183 insertions(+), 16 deletions(-) | |
236 | ||
237 | commit 42b31578341ccf7a7385647a4070a7ac323836fa | |
238 | Author: Stef Walter <stefw@redhat.com> | |
239 | Date: 2013-07-19 | |
240 | ||
241 | If input is not a tty, then just read from stdin without getpass() | |
242 | ||
243 | This allows people to echo passwords into the realm client command | |
244 | like this: | |
245 | ||
246 | echo "password" | realm join --user Administrator example.com | |
247 | ||
248 | https://bugzilla.redhat.com/show_bug.cgi?id=976593 | |
249 | ||
250 | tools/realm-client.c | 41 ++++++++++++++++++++++++++++++++++++++++- | |
251 | 1 file changed, 40 insertions(+), 1 deletion(-) | |
252 | ||
253 | commit 8a7aac53c26b3526c5965a73ab1a2e65d7f91d0a | |
254 | Author: Stef Walter <stefw@redhat.com> | |
255 | Date: 2013-07-15 | |
256 | ||
257 | ipa: Force joins so that computer can rejoin a domain | |
258 | ||
259 | The hostname should already have checked by the administrator | |
260 | that is providing the confirmation for joining the domain. | |
261 | ||
262 | service/realm-sssd-ipa.c | 1 + | |
263 | 1 file changed, 1 insertion(+) | |
264 | ||
265 | commit c7bd539aa21285b1910a52029993f257c8ae0ca9 | |
266 | Author: Stef Walter <stefw@redhat.com> | |
267 | Date: 2013-07-15 | |
268 | ||
269 | winbind: Configure pam_winbind.conf appropriately | |
270 | ||
271 | * Setup kerberos auth, and cached logins | |
272 | ||
273 | http://bugs.freedesktop.org/show_bug.cgi?id=66831 | |
274 | ||
275 | service/realm-samba-winbind.c | 13 +++++++++++++ | |
276 | service/realmd-defaults.conf | 1 + | |
277 | 2 files changed, 14 insertions(+) | |
278 | ||
279 | commit ddf1252d5dc7bfb5418cf932a558ca8a98ce7155 | |
280 | Author: Stef Walter <stefw@redhat.com> | |
281 | Date: 2013-07-09 | |
282 | ||
283 | Refer to FreeIPA as IPA | |
284 | ||
285 | This is the more broad name that covers both the FreeIPA version | |
286 | and the commercial versions of the same thing. | |
287 | ||
288 | We continue to accept 'freeipa' as an input string when referring | |
289 | to software. But output 'ipa' and document that option | |
290 | ||
291 | https://bugs.freedesktop.org/show_bug.cgi?id=66734 | |
292 | ||
293 | dbus/realm-dbus-constants.h | 1 + | |
294 | doc/internals/realmd-internals.xml | 8 +- | |
295 | doc/manual/Makefile.am | 2 +- | |
296 | doc/manual/realm.xml | 10 +-- | |
297 | doc/manual/realmd-docs.xml | 2 +- | |
298 | doc/manual/realmd-guide-freeipa.xml | 164 ------------------------------------ | |
299 | doc/manual/realmd-guide-ipa.xml | 164 ++++++++++++++++++++++++++++++++++++ | |
300 | doc/website/content/index.html | 2 +- | |
301 | service/realm-disco-rootdse.c | 2 +- | |
302 | service/realm-provider.c | 2 + | |
303 | service/realm-sssd-ipa.c | 7 +- | |
304 | service/realm-sssd-provider.c | 8 +- | |
305 | service/realmd-redhat.conf | 2 +- | |
306 | service/realmd-suse.conf | 2 +- | |
307 | 14 files changed, 192 insertions(+), 184 deletions(-) | |
308 | ||
309 | commit d2bc9aa13faadd4c38f29524893597ea82189f4c | |
310 | Author: Stef Walter <stefw@redhat.com> | |
311 | Date: 2013-07-02 | |
312 | ||
313 | service: Support use of kerberos ccache to join when using winbind | |
314 | ||
315 | service/realm-samba.c | 1 + | |
316 | 1 file changed, 1 insertion(+) | |
317 | ||
318 | commit 795b6fdc7a2018bd10ab134f4b23959b6b8073e0 | |
319 | Author: Stef Walter <stefw@redhat.com> | |
320 | Date: 2013-06-06 | |
321 | ||
322 | redhat: Add dependency on oddjobd | |
323 | ||
324 | https://bugzilla.redhat.com/show_bug.cgi?id=969441 | |
325 | ||
326 | service/realmd-redhat.conf | 6 ++++-- | |
327 | 1 file changed, 4 insertions(+), 2 deletions(-) | |
328 | ||
329 | commit a038dcb73a7d85540763a4325914377eaeaa122b | |
330 | Author: Stef Walter <stefw@redhat.com> | |
331 | Date: 2013-06-06 | |
332 | ||
333 | Don't create a top level directory in /var | |
334 | ||
335 | https://bugs.freedesktop.org/show_bug.cgi?id=65435 | |
336 | ||
337 | service/Makefile.am | 4 ++-- | |
338 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
1 | 339 | |
2 | 340 | commit e2bcee9ecbf25492ba60a08c65cfde52bb3334cc |
3 | 341 | Author: Stef Walter <stefw@redhat.com> |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
405 | 433 | # (which will cause the Makefiles to be regenerated when you run 'make'); |
406 | 434 | # (2) otherwise, pass the desired values on the 'make' command line. |
407 | 435 | $(am__recursive_targets): |
408 | @fail= failcom='exit 1'; \ | |
409 | for f in x $$MAKEFLAGS; do \ | |
410 | case $$f in \ | |
411 | *=* | --[!k]*);; \ | |
412 | *k*) failcom='fail=yes';; \ | |
413 | esac; \ | |
414 | done; \ | |
436 | @fail=; \ | |
437 | if $(am__make_keepgoing); then \ | |
438 | failcom='fail=yes'; \ | |
439 | else \ | |
440 | failcom='exit 1'; \ | |
441 | fi; \ | |
415 | 442 | dot_seen=no; \ |
416 | 443 | target=`echo $@ | sed s/-recursive//`; \ |
417 | 444 | case "$@" in \ |
0 | 0.14.5 | |
1 | * Fix regression where --unattended conflicted with -U as in --user [#68112] | |
2 | * Pass discovered server address to adcli [#68111] | |
3 | * Fix failure message output | |
4 | ||
5 | 0.14.4 | |
6 | * Fix up the [sssd] section in sssd.conf if it's screwed up | |
7 | * Add an --unattended argument to realm command line client | |
8 | * Clearer 'realm permit' manual page example | |
9 | * Other documentation fixes | |
10 | ||
11 | 0.14.3 | |
12 | * Populate LoginFormats properly when use_fully_qualified_names = False | |
13 | * Several documentation fixes | |
14 | * Set sssd.conf default_shell per domain | |
15 | * Notify in terminal output when installing packages | |
16 | * If joined via adcli, delete computer account with adcli as well | |
17 | * If input is not tty, then just read from stdin without getpass() | |
18 | * Force IPA joins so that computer can rejoin a domain | |
19 | * Configure pam_winbind.conf appropriately when using winbind [#66831] | |
20 | * Refer to FreeIPA as IPA [#66734] | |
21 | * Support use of kerberos ccache to join when using winbind | |
22 | * Don't create a top level directory in /var [#65435] | |
23 | * Other build fixes | |
24 | ||
0 | 25 | 0.14.2 |
1 | 26 | * Rework discovery for changes in FreeIPA 3.0 [#64895] |
2 | 27 | * Remove simple_allow_users/groups when permit/deny access provider [#64903] |
0 | # generated automatically by aclocal 1.13.1 -*- Autoconf -*- | |
1 | ||
2 | # Copyright (C) 1996-2012 Free Software Foundation, Inc. | |
0 | # generated automatically by aclocal 1.13.4 -*- Autoconf -*- | |
1 | ||
2 | # Copyright (C) 1996-2013 Free Software Foundation, Inc. | |
3 | 3 | |
4 | 4 | # This file is free software; the Free Software Foundation |
5 | 5 | # gives unlimited permission to copy and/or distribute it, |
704 | 704 | [am__api_version='1.13' |
705 | 705 | dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to |
706 | 706 | dnl require some minimum version. Point them to the right macro. |
707 | m4_if([$1], [1.13.1], [], | |
707 | m4_if([$1], [1.13.4], [], | |
708 | 708 | [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl |
709 | 709 | ]) |
710 | 710 | |
720 | 720 | # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. |
721 | 721 | # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. |
722 | 722 | AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], |
723 | [AM_AUTOMAKE_VERSION([1.13.1])dnl | |
723 | [AM_AUTOMAKE_VERSION([1.13.4])dnl | |
724 | 724 | m4_ifndef([AC_AUTOCONF_VERSION], |
725 | 725 | [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl |
726 | 726 | _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) |
1042 | 1042 | DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` |
1043 | 1043 | test -z "$DEPDIR" && continue |
1044 | 1044 | am__include=`sed -n 's/^am__include = //p' < "$mf"` |
1045 | test -z "am__include" && continue | |
1045 | test -z "$am__include" && continue | |
1046 | 1046 | am__quote=`sed -n 's/^am__quote = //p' < "$mf"` |
1047 | 1047 | # Find all dependency output files, they are included files with |
1048 | 1048 | # $(DEPDIR) in their names. We invoke sed twice because it is the |
1679 | 1679 | # Substitute a variable $(am__untar) that extract such |
1680 | 1680 | # a tarball read from stdin. |
1681 | 1681 | # $(am__untar) < result.tar |
1682 | # | |
1682 | 1683 | AC_DEFUN([_AM_PROG_TAR], |
1683 | 1684 | [# Always define AMTAR for backward compatibility. Yes, it's still used |
1684 | 1685 | # in the wild :-( We should find a proper way to deprecate it ... |
1685 | 1686 | AC_SUBST([AMTAR], ['$${TAR-tar}']) |
1687 | ||
1688 | # We'll loop over all known methods to create a tar archive until one works. | |
1689 | _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' | |
1690 | ||
1686 | 1691 | m4_if([$1], [v7], |
1687 | [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], | |
1688 | [m4_case([$1], [ustar],, [pax],, | |
1689 | [m4_fatal([Unknown tar format])]) | |
1690 | AC_MSG_CHECKING([how to create a $1 tar archive]) | |
1691 | # Loop over all known methods to create a tar archive until one works. | |
1692 | _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' | |
1693 | _am_tools=${am_cv_prog_tar_$1-$_am_tools} | |
1694 | # Do not fold the above two line into one, because Tru64 sh and | |
1695 | # Solaris sh will not grok spaces in the rhs of '-'. | |
1696 | for _am_tool in $_am_tools | |
1697 | do | |
1698 | case $_am_tool in | |
1699 | gnutar) | |
1700 | for _am_tar in tar gnutar gtar; | |
1701 | do | |
1702 | AM_RUN_LOG([$_am_tar --version]) && break | |
1703 | done | |
1704 | am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' | |
1705 | am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' | |
1706 | am__untar="$_am_tar -xf -" | |
1707 | ;; | |
1708 | plaintar) | |
1709 | # Must skip GNU tar: if it does not support --format= it doesn't create | |
1710 | # ustar tarball either. | |
1711 | (tar --version) >/dev/null 2>&1 && continue | |
1712 | am__tar='tar chf - "$$tardir"' | |
1713 | am__tar_='tar chf - "$tardir"' | |
1714 | am__untar='tar xf -' | |
1715 | ;; | |
1716 | pax) | |
1717 | am__tar='pax -L -x $1 -w "$$tardir"' | |
1718 | am__tar_='pax -L -x $1 -w "$tardir"' | |
1719 | am__untar='pax -r' | |
1720 | ;; | |
1721 | cpio) | |
1722 | am__tar='find "$$tardir" -print | cpio -o -H $1 -L' | |
1723 | am__tar_='find "$tardir" -print | cpio -o -H $1 -L' | |
1724 | am__untar='cpio -i -H $1 -d' | |
1725 | ;; | |
1726 | none) | |
1727 | am__tar=false | |
1728 | am__tar_=false | |
1729 | am__untar=false | |
1730 | ;; | |
1731 | esac | |
1732 | ||
1733 | # If the value was cached, stop now. We just wanted to have am__tar | |
1734 | # and am__untar set. | |
1735 | test -n "${am_cv_prog_tar_$1}" && break | |
1736 | ||
1737 | # tar/untar a dummy directory, and stop if the command works | |
1692 | [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], | |
1693 | ||
1694 | [m4_case([$1], | |
1695 | [ustar], | |
1696 | [# The POSIX 1988 'ustar' format is defined with fixed-size fields. | |
1697 | # There is notably a 21 bits limit for the UID and the GID. In fact, | |
1698 | # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 | |
1699 | # and bug#13588). | |
1700 | am_max_uid=2097151 # 2^21 - 1 | |
1701 | am_max_gid=$am_max_uid | |
1702 | # The $UID and $GID variables are not portable, so we need to resort | |
1703 | # to the POSIX-mandated id(1) utility. Errors in the 'id' calls | |
1704 | # below are definitely unexpected, so allow the users to see them | |
1705 | # (that is, avoid stderr redirection). | |
1706 | am_uid=`id -u || echo unknown` | |
1707 | am_gid=`id -g || echo unknown` | |
1708 | AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) | |
1709 | if test $am_uid -le $am_max_uid; then | |
1710 | AC_MSG_RESULT([yes]) | |
1711 | else | |
1712 | AC_MSG_RESULT([no]) | |
1713 | _am_tools=none | |
1714 | fi | |
1715 | AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) | |
1716 | if test $am_gid -le $am_max_gid; then | |
1717 | AC_MSG_RESULT([yes]) | |
1718 | else | |
1719 | AC_MSG_RESULT([no]) | |
1720 | _am_tools=none | |
1721 | fi], | |
1722 | ||
1723 | [pax], | |
1724 | [], | |
1725 | ||
1726 | [m4_fatal([Unknown tar format])]) | |
1727 | ||
1728 | AC_MSG_CHECKING([how to create a $1 tar archive]) | |
1729 | ||
1730 | # Go ahead even if we have the value already cached. We do so because we | |
1731 | # need to set the values for the 'am__tar' and 'am__untar' variables. | |
1732 | _am_tools=${am_cv_prog_tar_$1-$_am_tools} | |
1733 | ||
1734 | for _am_tool in $_am_tools; do | |
1735 | case $_am_tool in | |
1736 | gnutar) | |
1737 | for _am_tar in tar gnutar gtar; do | |
1738 | AM_RUN_LOG([$_am_tar --version]) && break | |
1739 | done | |
1740 | am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' | |
1741 | am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' | |
1742 | am__untar="$_am_tar -xf -" | |
1743 | ;; | |
1744 | plaintar) | |
1745 | # Must skip GNU tar: if it does not support --format= it doesn't create | |
1746 | # ustar tarball either. | |
1747 | (tar --version) >/dev/null 2>&1 && continue | |
1748 | am__tar='tar chf - "$$tardir"' | |
1749 | am__tar_='tar chf - "$tardir"' | |
1750 | am__untar='tar xf -' | |
1751 | ;; | |
1752 | pax) | |
1753 | am__tar='pax -L -x $1 -w "$$tardir"' | |
1754 | am__tar_='pax -L -x $1 -w "$tardir"' | |
1755 | am__untar='pax -r' | |
1756 | ;; | |
1757 | cpio) | |
1758 | am__tar='find "$$tardir" -print | cpio -o -H $1 -L' | |
1759 | am__tar_='find "$tardir" -print | cpio -o -H $1 -L' | |
1760 | am__untar='cpio -i -H $1 -d' | |
1761 | ;; | |
1762 | none) | |
1763 | am__tar=false | |
1764 | am__tar_=false | |
1765 | am__untar=false | |
1766 | ;; | |
1767 | esac | |
1768 | ||
1769 | # If the value was cached, stop now. We just wanted to have am__tar | |
1770 | # and am__untar set. | |
1771 | test -n "${am_cv_prog_tar_$1}" && break | |
1772 | ||
1773 | # tar/untar a dummy directory, and stop if the command works. | |
1774 | rm -rf conftest.dir | |
1775 | mkdir conftest.dir | |
1776 | echo GrepMe > conftest.dir/file | |
1777 | AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) | |
1778 | rm -rf conftest.dir | |
1779 | if test -s conftest.tar; then | |
1780 | AM_RUN_LOG([$am__untar <conftest.tar]) | |
1781 | AM_RUN_LOG([cat conftest.dir/file]) | |
1782 | grep GrepMe conftest.dir/file >/dev/null 2>&1 && break | |
1783 | fi | |
1784 | done | |
1738 | 1785 | rm -rf conftest.dir |
1739 | mkdir conftest.dir | |
1740 | echo GrepMe > conftest.dir/file | |
1741 | AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) | |
1742 | rm -rf conftest.dir | |
1743 | if test -s conftest.tar; then | |
1744 | AM_RUN_LOG([$am__untar <conftest.tar]) | |
1745 | grep GrepMe conftest.dir/file >/dev/null 2>&1 && break | |
1746 | fi | |
1747 | done | |
1748 | rm -rf conftest.dir | |
1749 | ||
1750 | AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) | |
1751 | AC_MSG_RESULT([$am_cv_prog_tar_$1])]) | |
1786 | ||
1787 | AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) | |
1788 | AC_MSG_RESULT([$am_cv_prog_tar_$1])]) | |
1789 | ||
1752 | 1790 | AC_SUBST([am__tar]) |
1753 | 1791 | AC_SUBST([am__untar]) |
1754 | 1792 | ]) # _AM_PROG_TAR |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
0 | 0 | #! /bin/sh |
1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
2 | # Generated by GNU Autoconf 2.69 for realmd 0.14.2. | |
2 | # Generated by GNU Autoconf 2.69 for realmd 0.14.5. | |
3 | 3 | # |
4 | 4 | # Report bugs to <http://bugs.freedesktop.org/enter_bug.cgi?product=realmd>. |
5 | 5 | # |
580 | 580 | # Identity of this package. |
581 | 581 | PACKAGE_NAME='realmd' |
582 | 582 | PACKAGE_TARNAME='realmd' |
583 | PACKAGE_VERSION='0.14.2' | |
584 | PACKAGE_STRING='realmd 0.14.2' | |
583 | PACKAGE_VERSION='0.14.5' | |
584 | PACKAGE_STRING='realmd 0.14.5' | |
585 | 585 | PACKAGE_BUGREPORT='http://bugs.freedesktop.org/enter_bug.cgi?product=realmd' |
586 | 586 | PACKAGE_URL='' |
587 | 587 | |
1376 | 1376 | # Omit some internal or obsolete options to make the list less imposing. |
1377 | 1377 | # This message is too long to be a string in the A/UX 3.1 sh. |
1378 | 1378 | cat <<_ACEOF |
1379 | \`configure' configures realmd 0.14.2 to adapt to many kinds of systems. | |
1379 | \`configure' configures realmd 0.14.5 to adapt to many kinds of systems. | |
1380 | 1380 | |
1381 | 1381 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1382 | 1382 | |
1442 | 1442 | |
1443 | 1443 | if test -n "$ac_init_help"; then |
1444 | 1444 | case $ac_init_help in |
1445 | short | recursive ) echo "Configuration of realmd 0.14.2:";; | |
1445 | short | recursive ) echo "Configuration of realmd 0.14.5:";; | |
1446 | 1446 | esac |
1447 | 1447 | cat <<\_ACEOF |
1448 | 1448 | |
1573 | 1573 | test -n "$ac_init_help" && exit $ac_status |
1574 | 1574 | if $ac_init_version; then |
1575 | 1575 | cat <<\_ACEOF |
1576 | realmd configure 0.14.2 | |
1576 | realmd configure 0.14.5 | |
1577 | 1577 | generated by GNU Autoconf 2.69 |
1578 | 1578 | |
1579 | 1579 | Copyright (C) 2012 Free Software Foundation, Inc. |
1942 | 1942 | This file contains any messages produced by compilers while |
1943 | 1943 | running configure, to aid debugging if configure makes a mistake. |
1944 | 1944 | |
1945 | It was created by realmd $as_me 0.14.2, which was | |
1945 | It was created by realmd $as_me 0.14.5, which was | |
1946 | 1946 | generated by GNU Autoconf 2.69. Invocation command line was |
1947 | 1947 | |
1948 | 1948 | $ $0 $@ |
2809 | 2809 | |
2810 | 2810 | # Define the identity of the package. |
2811 | 2811 | PACKAGE='realmd' |
2812 | VERSION='0.14.2' | |
2812 | VERSION='0.14.5' | |
2813 | 2813 | |
2814 | 2814 | |
2815 | 2815 | cat >>confdefs.h <<_ACEOF |
2850 | 2850 | AMTAR='$${TAR-tar}' |
2851 | 2851 | |
2852 | 2852 | |
2853 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 | |
2853 | # We'll loop over all known methods to create a tar archive until one works. | |
2854 | _am_tools='gnutar plaintar pax cpio none' | |
2855 | ||
2856 | # The POSIX 1988 'ustar' format is defined with fixed-size fields. | |
2857 | # There is notably a 21 bits limit for the UID and the GID. In fact, | |
2858 | # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 | |
2859 | # and bug#13588). | |
2860 | am_max_uid=2097151 # 2^21 - 1 | |
2861 | am_max_gid=$am_max_uid | |
2862 | # The $UID and $GID variables are not portable, so we need to resort | |
2863 | # to the POSIX-mandated id(1) utility. Errors in the 'id' calls | |
2864 | # below are definitely unexpected, so allow the users to see them | |
2865 | # (that is, avoid stderr redirection). | |
2866 | am_uid=`id -u || echo unknown` | |
2867 | am_gid=`id -g || echo unknown` | |
2868 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UID '$am_uid' is supported by ustar format" >&5 | |
2869 | $as_echo_n "checking whether UID '$am_uid' is supported by ustar format... " >&6; } | |
2870 | if test $am_uid -le $am_max_uid; then | |
2871 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
2872 | $as_echo "yes" >&6; } | |
2873 | else | |
2874 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
2875 | $as_echo "no" >&6; } | |
2876 | _am_tools=none | |
2877 | fi | |
2878 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GID '$am_gid' is supported by ustar format" >&5 | |
2879 | $as_echo_n "checking whether GID '$am_gid' is supported by ustar format... " >&6; } | |
2880 | if test $am_gid -le $am_max_gid; then | |
2881 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
2882 | $as_echo "yes" >&6; } | |
2883 | else | |
2884 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
2885 | $as_echo "no" >&6; } | |
2886 | _am_tools=none | |
2887 | fi | |
2888 | ||
2889 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 | |
2854 | 2890 | $as_echo_n "checking how to create a ustar tar archive... " >&6; } |
2855 | # Loop over all known methods to create a tar archive until one works. | |
2856 | _am_tools='gnutar plaintar pax cpio none' | |
2857 | _am_tools=${am_cv_prog_tar_ustar-$_am_tools} | |
2858 | # Do not fold the above two line into one, because Tru64 sh and | |
2859 | # Solaris sh will not grok spaces in the rhs of '-'. | |
2860 | for _am_tool in $_am_tools | |
2861 | do | |
2862 | case $_am_tool in | |
2863 | gnutar) | |
2864 | for _am_tar in tar gnutar gtar; | |
2865 | do | |
2866 | { echo "$as_me:$LINENO: $_am_tar --version" >&5 | |
2891 | ||
2892 | # Go ahead even if we have the value already cached. We do so because we | |
2893 | # need to set the values for the 'am__tar' and 'am__untar' variables. | |
2894 | _am_tools=${am_cv_prog_tar_ustar-$_am_tools} | |
2895 | ||
2896 | for _am_tool in $_am_tools; do | |
2897 | case $_am_tool in | |
2898 | gnutar) | |
2899 | for _am_tar in tar gnutar gtar; do | |
2900 | { echo "$as_me:$LINENO: $_am_tar --version" >&5 | |
2867 | 2901 | ($_am_tar --version) >&5 2>&5 |
2868 | 2902 | ac_status=$? |
2869 | 2903 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
2870 | 2904 | (exit $ac_status); } && break |
2871 | done | |
2872 | am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' | |
2873 | am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' | |
2874 | am__untar="$_am_tar -xf -" | |
2875 | ;; | |
2876 | plaintar) | |
2877 | # Must skip GNU tar: if it does not support --format= it doesn't create | |
2878 | # ustar tarball either. | |
2879 | (tar --version) >/dev/null 2>&1 && continue | |
2880 | am__tar='tar chf - "$$tardir"' | |
2881 | am__tar_='tar chf - "$tardir"' | |
2882 | am__untar='tar xf -' | |
2883 | ;; | |
2884 | pax) | |
2885 | am__tar='pax -L -x ustar -w "$$tardir"' | |
2886 | am__tar_='pax -L -x ustar -w "$tardir"' | |
2887 | am__untar='pax -r' | |
2888 | ;; | |
2889 | cpio) | |
2890 | am__tar='find "$$tardir" -print | cpio -o -H ustar -L' | |
2891 | am__tar_='find "$tardir" -print | cpio -o -H ustar -L' | |
2892 | am__untar='cpio -i -H ustar -d' | |
2893 | ;; | |
2894 | none) | |
2895 | am__tar=false | |
2896 | am__tar_=false | |
2897 | am__untar=false | |
2898 | ;; | |
2899 | esac | |
2900 | ||
2901 | # If the value was cached, stop now. We just wanted to have am__tar | |
2902 | # and am__untar set. | |
2903 | test -n "${am_cv_prog_tar_ustar}" && break | |
2904 | ||
2905 | # tar/untar a dummy directory, and stop if the command works | |
2906 | rm -rf conftest.dir | |
2907 | mkdir conftest.dir | |
2908 | echo GrepMe > conftest.dir/file | |
2909 | { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 | |
2905 | done | |
2906 | am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' | |
2907 | am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' | |
2908 | am__untar="$_am_tar -xf -" | |
2909 | ;; | |
2910 | plaintar) | |
2911 | # Must skip GNU tar: if it does not support --format= it doesn't create | |
2912 | # ustar tarball either. | |
2913 | (tar --version) >/dev/null 2>&1 && continue | |
2914 | am__tar='tar chf - "$$tardir"' | |
2915 | am__tar_='tar chf - "$tardir"' | |
2916 | am__untar='tar xf -' | |
2917 | ;; | |
2918 | pax) | |
2919 | am__tar='pax -L -x ustar -w "$$tardir"' | |
2920 | am__tar_='pax -L -x ustar -w "$tardir"' | |
2921 | am__untar='pax -r' | |
2922 | ;; | |
2923 | cpio) | |
2924 | am__tar='find "$$tardir" -print | cpio -o -H ustar -L' | |
2925 | am__tar_='find "$tardir" -print | cpio -o -H ustar -L' | |
2926 | am__untar='cpio -i -H ustar -d' | |
2927 | ;; | |
2928 | none) | |
2929 | am__tar=false | |
2930 | am__tar_=false | |
2931 | am__untar=false | |
2932 | ;; | |
2933 | esac | |
2934 | ||
2935 | # If the value was cached, stop now. We just wanted to have am__tar | |
2936 | # and am__untar set. | |
2937 | test -n "${am_cv_prog_tar_ustar}" && break | |
2938 | ||
2939 | # tar/untar a dummy directory, and stop if the command works. | |
2940 | rm -rf conftest.dir | |
2941 | mkdir conftest.dir | |
2942 | echo GrepMe > conftest.dir/file | |
2943 | { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 | |
2910 | 2944 | (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 |
2911 | 2945 | ac_status=$? |
2912 | 2946 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
2913 | 2947 | (exit $ac_status); } |
2914 | rm -rf conftest.dir | |
2915 | if test -s conftest.tar; then | |
2916 | { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5 | |
2948 | rm -rf conftest.dir | |
2949 | if test -s conftest.tar; then | |
2950 | { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5 | |
2917 | 2951 | ($am__untar <conftest.tar) >&5 2>&5 |
2918 | 2952 | ac_status=$? |
2919 | 2953 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
2920 | 2954 | (exit $ac_status); } |
2921 | grep GrepMe conftest.dir/file >/dev/null 2>&1 && break | |
2922 | fi | |
2923 | done | |
2924 | rm -rf conftest.dir | |
2925 | ||
2926 | if ${am_cv_prog_tar_ustar+:} false; then : | |
2955 | { echo "$as_me:$LINENO: cat conftest.dir/file" >&5 | |
2956 | (cat conftest.dir/file) >&5 2>&5 | |
2957 | ac_status=$? | |
2958 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | |
2959 | (exit $ac_status); } | |
2960 | grep GrepMe conftest.dir/file >/dev/null 2>&1 && break | |
2961 | fi | |
2962 | done | |
2963 | rm -rf conftest.dir | |
2964 | ||
2965 | if ${am_cv_prog_tar_ustar+:} false; then : | |
2927 | 2966 | $as_echo_n "(cached) " >&6 |
2928 | 2967 | else |
2929 | 2968 | am_cv_prog_tar_ustar=$_am_tool |
2930 | 2969 | fi |
2931 | 2970 | |
2932 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 | |
2971 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 | |
2933 | 2972 | $as_echo "$am_cv_prog_tar_ustar" >&6; } |
2973 | ||
2934 | 2974 | |
2935 | 2975 | |
2936 | 2976 | |
8955 | 8995 | # report actual input values of CONFIG_FILES etc. instead of their |
8956 | 8996 | # values after options handling. |
8957 | 8997 | ac_log=" |
8958 | This file was extended by realmd $as_me 0.14.2, which was | |
8998 | This file was extended by realmd $as_me 0.14.5, which was | |
8959 | 8999 | generated by GNU Autoconf 2.69. Invocation command line was |
8960 | 9000 | |
8961 | 9001 | CONFIG_FILES = $CONFIG_FILES |
9021 | 9061 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
9022 | 9062 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
9023 | 9063 | ac_cs_version="\\ |
9024 | realmd config.status 0.14.2 | |
9064 | realmd config.status 0.14.5 | |
9025 | 9065 | configured by $0, generated by GNU Autoconf 2.69, |
9026 | 9066 | with options \\"\$ac_cs_config\\" |
9027 | 9067 | |
9815 | 9855 | DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` |
9816 | 9856 | test -z "$DEPDIR" && continue |
9817 | 9857 | am__include=`sed -n 's/^am__include = //p' < "$mf"` |
9818 | test -z "am__include" && continue | |
9858 | test -z "$am__include" && continue | |
9819 | 9859 | am__quote=`sed -n 's/^am__quote = //p' < "$mf"` |
9820 | 9860 | # Find all dependency output files, they are included files with |
9821 | 9861 | # $(DEPDIR) in their names. We invoke sed twice because it is the |
0 | 0 | AC_PREREQ(2.63) |
1 | 1 | |
2 | AC_INIT([realmd], [0.14.2], | |
2 | AC_INIT([realmd], [0.14.5], | |
3 | 3 | [http://bugs.freedesktop.org/enter_bug.cgi?product=realmd], |
4 | 4 | [realmd]) |
5 | 5 |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
15 | 15 | |
16 | 16 | |
17 | 17 | VPATH = @srcdir@ |
18 | am__make_dryrun = \ | |
19 | { \ | |
20 | am__dry=no; \ | |
18 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
19 | am__make_running_with_option = \ | |
20 | case $${target_option-} in \ | |
21 | ?) ;; \ | |
22 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
23 | "target option '$${target_option-}' specified" >&2; \ | |
24 | exit 1;; \ | |
25 | esac; \ | |
26 | has_opt=no; \ | |
27 | sane_makeflags=$$MAKEFLAGS; \ | |
28 | if $(am__is_gnu_make); then \ | |
29 | sane_makeflags=$$MFLAGS; \ | |
30 | else \ | |
21 | 31 | case $$MAKEFLAGS in \ |
22 | 32 | *\\[\ \ ]*) \ |
23 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
24 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
25 | *) \ | |
26 | for am__flg in $$MAKEFLAGS; do \ | |
27 | case $$am__flg in \ | |
28 | *=*|--*) ;; \ | |
29 | *n*) am__dry=yes; break;; \ | |
30 | esac; \ | |
31 | done;; \ | |
33 | bs=\\; \ | |
34 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
35 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
32 | 36 | esac; \ |
33 | test $$am__dry = yes; \ | |
34 | } | |
37 | fi; \ | |
38 | skip_next=no; \ | |
39 | strip_trailopt () \ | |
40 | { \ | |
41 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
42 | }; \ | |
43 | for flg in $$sane_makeflags; do \ | |
44 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
45 | case $$flg in \ | |
46 | *=*|--*) continue;; \ | |
47 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
48 | -*I?*) strip_trailopt 'I';; \ | |
49 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
50 | -*O?*) strip_trailopt 'O';; \ | |
51 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
52 | -*l?*) strip_trailopt 'l';; \ | |
53 | -[dEDm]) skip_next=yes;; \ | |
54 | -[JT]) skip_next=yes;; \ | |
55 | esac; \ | |
56 | case $$flg in \ | |
57 | *$$target_option*) has_opt=yes; break;; \ | |
58 | esac; \ | |
59 | done; \ | |
60 | test $$has_opt = yes | |
61 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
62 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
35 | 63 | pkgdatadir = $(datadir)/@PACKAGE@ |
36 | 64 | pkgincludedir = $(includedir)/@PACKAGE@ |
37 | 65 | pkglibdir = $(libdir)/@PACKAGE@ |
434 | 462 | |
435 | 463 | clean-noinstLIBRARIES: |
436 | 464 | -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) |
465 | ||
437 | 466 | librealm-dbus.a: $(librealm_dbus_a_OBJECTS) $(librealm_dbus_a_DEPENDENCIES) $(EXTRA_librealm_dbus_a_DEPENDENCIES) |
438 | 467 | $(AM_V_at)-rm -f librealm-dbus.a |
439 | 468 | $(AM_V_AR)$(librealm_dbus_a_AR) librealm-dbus.a $(librealm_dbus_a_OBJECTS) $(librealm_dbus_a_LIBADD) |
67 | 67 | |
68 | 68 | #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory" |
69 | 69 | #define REALM_DBUS_IDENTIFIER_WINBIND "winbind" |
70 | #define REALM_DBUS_IDENTIFIER_IPA "ipa" | |
70 | 71 | #define REALM_DBUS_IDENTIFIER_FREEIPA "freeipa" |
71 | 72 | #define REALM_DBUS_IDENTIFIER_SSSD "sssd" |
72 | 73 | #define REALM_DBUS_IDENTIFIER_SAMBA "samba" |
0 | 0 | #! /bin/sh |
1 | 1 | # depcomp - compile a program generating dependencies as side-effects |
2 | 2 | |
3 | scriptversion=2012-10-18.11; # UTC | |
3 | scriptversion=2013-05-30.07; # UTC | |
4 | 4 | |
5 | 5 | # Copyright (C) 1999-2013 Free Software Foundation, Inc. |
6 | 6 | |
551 | 551 | G |
552 | 552 | p |
553 | 553 | }' >> "$depfile" |
554 | echo >> "$depfile" # make sure the fragment doesn't end with a backslash | |
554 | 555 | rm -f "$tmpdepfile" |
555 | 556 | ;; |
556 | 557 |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
339 | 367 | # (which will cause the Makefiles to be regenerated when you run 'make'); |
340 | 368 | # (2) otherwise, pass the desired values on the 'make' command line. |
341 | 369 | $(am__recursive_targets): |
342 | @fail= failcom='exit 1'; \ | |
343 | for f in x $$MAKEFLAGS; do \ | |
344 | case $$f in \ | |
345 | *=* | --[!k]*);; \ | |
346 | *k*) failcom='fail=yes';; \ | |
347 | esac; \ | |
348 | done; \ | |
370 | @fail=; \ | |
371 | if $(am__make_keepgoing); then \ | |
372 | failcom='fail=yes'; \ | |
373 | else \ | |
374 | failcom='exit 1'; \ | |
375 | fi; \ | |
349 | 376 | dot_seen=no; \ |
350 | 377 | target=`echo $@ | sed s/-recursive//`; \ |
351 | 378 | case "$@" in \ |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
52 | 52 | <listitem><para>winbind client software (with samba membership software).</para></listitem> |
53 | 53 | </itemizedlist> |
54 | 54 | |
55 | <para>For freeipa server software, realmd supports:</para> | |
56 | <itemizedlist> | |
57 | <listitem><para>sssd client software (with 'freeipa' membership software).</para></listitem> | |
55 | <para>For IPA server software, realmd supports:</para> | |
56 | <itemizedlist> | |
57 | <listitem><para>sssd client software (with 'ipa' membership software).</para></listitem> | |
58 | 58 | </itemizedlist> |
59 | 59 | </section> |
60 | 60 | |
187 | 187 | <itemizedlist> |
188 | 188 | <listitem><para>{sssd, active-directory, samba}</para></listitem> |
189 | 189 | <listitem><para>{sssd, active-directory, adcli}</para></listitem> |
190 | <listitem><para>{sssd, freeipa, freeipa}</para></listitem> | |
190 | <listitem><para>{sssd, ipa, ipa}</para></listitem> | |
191 | 191 | </itemizedlist> |
192 | 192 | </listitem> |
193 | 193 | </itemizedlist> |
280 | 280 | <itemizedlist> |
281 | 281 | <title>RealmSssdIpa</title> |
282 | 282 | <listitem><para>has a dynamically generated object path upon realm creation.</para></listitem> |
283 | <listitem><para>membership software supported: freeipa</para></listitem> | |
283 | <listitem><para>membership software supported: ipa</para></listitem> | |
284 | 284 | <listitem><para>config file modified: sssd.conf</para></listitem> |
285 | 285 | <listitem><para>required_packages: sssd, freeipa-client</para></listitem> |
286 | 286 | <listitem><para>credentials supported: </para> |
14 | 14 | |
15 | 15 | CONTENT_INCLUDES = \ |
16 | 16 | realmd-guide-active-directory.xml \ |
17 | realmd-guide-freeipa.xml \ | |
17 | realmd-guide-ipa.xml \ | |
18 | 18 | realmd-guide-kerberos.xml \ |
19 | 19 | $(NULL) |
20 | 20 |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
273 | 301 | DOCBOOK_FILE = realmd-docs.xml |
274 | 302 | CONTENT_INCLUDES = \ |
275 | 303 | realmd-guide-active-directory.xml \ |
276 | realmd-guide-freeipa.xml \ | |
304 | realmd-guide-ipa.xml \ | |
277 | 305 | realmd-guide-kerberos.xml \ |
278 | 306 | $(NULL) |
279 | 307 |
35 | 35 | <td valign="top" align="right"></td> |
36 | 36 | </tr></table></div> |
37 | 37 | <div class="refsect1"> |
38 | <a name="idm273578247744"></a><h2>Properties</h2> | |
38 | <a name="idm265575503360"></a><h2>Properties</h2> | |
39 | 39 | <pre class="synopsis"> |
40 | 40 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.RealmName">RealmName</GTKDOCLINK> readable s |
41 | 41 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.DomainName">DomainName</GTKDOCLINK> readable s |
45 | 45 | </pre> |
46 | 46 | </div> |
47 | 47 | <div class="refsect1"> |
48 | <a name="idm273579615712"></a><h2>Properties</h2> | |
48 | <a name="idm265573619696"></a><h2>Properties</h2> | |
49 | 49 | <pre class="synopsis"> |
50 | 50 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SuggestedAdministrator">SuggestedAdministrator</GTKDOCLINK> readable s |
51 | 51 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SupportedJoinCredentials">SupportedJoinCredentials</GTKDOCLINK> readable a(ss) |
45 | 45 | </pre> |
46 | 46 | </div> |
47 | 47 | <div class="refsect1"> |
48 | <a name="idm273586071328"></a><h2>Properties</h2> | |
48 | <a name="idm265573437056"></a><h2>Properties</h2> | |
49 | 49 | <pre class="synopsis"> |
50 | 50 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Name">Name</GTKDOCLINK> readable s |
51 | 51 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Version">Version</GTKDOCLINK> readable s |
46 | 46 | </pre> |
47 | 47 | </div> |
48 | 48 | <div class="refsect1"> |
49 | <a name="idm273580222128"></a><h2>Properties</h2> | |
49 | <a name="idm265572414016"></a><h2>Properties</h2> | |
50 | 50 | <pre class="synopsis"> |
51 | 51 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Name">Name</GTKDOCLINK> readable s |
52 | 52 | <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Configured">Configured</GTKDOCLINK> readable s |
44 | 44 | </pre> |
45 | 45 | </div> |
46 | 46 | <div class="refsect1"> |
47 | <a name="idm273581194128"></a><h2>Signals</h2> | |
47 | <a name="idm265578019376"></a><h2>Signals</h2> | |
48 | 48 | <pre class="synopsis"> |
49 | 49 | <GTKDOCLINK HREF="gdbus-signal-org-freedesktop-realmd-Service.Diagnostics">Diagnostics</GTKDOCLINK> (s data, |
50 | 50 | s operation); |
31 | 31 | By default SSSD is used.</p> |
32 | 32 | <div class="section"> |
33 | 33 | <div class="titlepage"><div><div><h3 class="title"> |
34 | <a name="idm273583734112"></a>Using SSSD with Active Directory</h3></div></div></div> | |
34 | <a name="idm265573031696"></a>Using SSSD with Active Directory</h3></div></div></div> | |
35 | 35 | <p><a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> |
36 | 36 | provides client software for various kerberos and/or LDAP |
37 | 37 | directories. Since version 1.9.x it provides good support |
49 | 49 | </div> |
50 | 50 | <div class="section"> |
51 | 51 | <div class="titlepage"><div><div><h3 class="title"> |
52 | <a name="idm273583027232"></a>Using Winbind with Active Directory</h3></div></div></div> | |
52 | <a name="idm265570004192"></a>Using Winbind with Active Directory</h3></div></div></div> | |
53 | 53 | <p>Samba |
54 | 54 | <a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a> |
55 | 55 | provides client software for use with Active Directory.</p> |
6 | 6 | <link rel="home" href="index.html" title="realmd"> |
7 | 7 | <link rel="up" href="guide-active-directory.html" title="Using with Active Directory"> |
8 | 8 | <link rel="prev" href="guide-active-directory-join.html" title="Joining an Active Directory domain"> |
9 | <link rel="next" href="guide-freeipa.html" title="Using with FreeIPA"> | |
9 | <link rel="next" href="guide-ipa.html" title="Using with IPA"> | |
10 | 10 | <link rel="stylesheet" href="style.css" type="text/css"> |
11 | 11 | </head> |
12 | 12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> |
15 | 15 | <td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> |
16 | 16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> |
17 | 17 | <th width="100%" align="center">realmd</th> |
18 | <td><a accesskey="n" href="guide-freeipa.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
18 | <td><a accesskey="n" href="guide-ipa.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | 19 | </tr></table> |
20 | 20 | <div class="section"> |
21 | 21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
24 | 24 | <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt> |
25 | 25 | <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt> |
26 | 26 | <dd><dl> |
27 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt> | |
28 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt> | |
27 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt> | |
28 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt> | |
29 | 29 | </dl></dd> |
30 | 30 | <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt> |
31 | 31 | <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>FreeIPA client software</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA"> | |
8 | <link rel="prev" href="guide-freeipa.html" title="Using with FreeIPA"> | |
9 | <link rel="next" href="guide-freeipa-join.html" title="Joining a FreeIPA domain"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-freeipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-freeipa-join.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-freeipa-client"></a>FreeIPA client software</h2></div></div></div> | |
23 | <p>As part of configuring an FreeIPA domain for use | |
24 | on the local computer, <span class="command"><strong>realmd</strong></span> will install and | |
25 | configure client software to enable domain accounts to be used on | |
26 | the local computer.</p> | |
27 | <p>For a FreeIPA domain this is | |
28 | <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>.</p> | |
29 | </div> | |
30 | <div class="footer"> | |
31 | <hr> | |
32 | Generated by GTK-Doc | |
33 | </div> | |
34 | </body> | |
35 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Joining a FreeIPA domain</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA"> | |
8 | <link rel="prev" href="guide-freeipa-client.html" title="FreeIPA client software"> | |
9 | <link rel="next" href="guide-freeipa-permit.html" title="Logins using Domain Accounts"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-freeipa-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-freeipa-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-freeipa-join"></a>Joining a FreeIPA domain</h2></div></div></div> | |
23 | <p>To join a FreeIPA domain with <span class="command"><strong>realmd</strong></span> | |
24 | you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a> | |
25 | command line tool:</p> | |
26 | <div class="informalexample"><pre class="screen"> | |
27 | $ <span class="command"><strong>realm join --verbose ipa.example.com</strong></span> | |
28 | </pre></div> | |
29 | <p>By specifying the <code class="option">--verbose</code> it's easier | |
30 | to see what went wrong if the join fails.</p> | |
31 | <p>Other tools also use <span class="command"><strong>realmd</strong></span> which can | |
32 | be used to perform the join operation, for example: GNOME | |
33 | Control Center.</p> | |
34 | <p>The join operation does the following:</p> | |
35 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> | |
36 | <li class="listitem"><p>Discovers information about the domain.</p></li> | |
37 | <li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD.</p></li> | |
38 | <li class="listitem"><p>Prompts for administrative credentials.</p></li> | |
39 | <li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li> | |
40 | <li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li> | |
41 | <li class="listitem"><p>Configures the SSSD service, and restarts and enables it as appropriate.</p></li> | |
42 | <li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li> | |
43 | </ul></div> | |
44 | <p>In addition an FreeIPA domain server's host name | |
45 | or IP address may be specified to join via that domain controller | |
46 | directly.</p> | |
47 | <p>After the join operation is complete, domain accounts should | |
48 | be usable locally, although logins using domain accounts are | |
49 | not necessarily enabled.</p> | |
50 | <p>You verify that domain accounts are working with with a | |
51 | command like this:</p> | |
52 | <div class="informalexample"><pre class="screen"> | |
53 | $ <span class="command"><strong>getent passwd admin@ipa.example.com</strong></span> | |
54 | </pre></div> | |
55 | <p>The join operation will create or update a computer account | |
56 | in the domain.</p> | |
57 | </div> | |
58 | <div class="footer"> | |
59 | <hr> | |
60 | Generated by GTK-Doc | |
61 | </div> | |
62 | </body> | |
63 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Logins using Domain Accounts</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA"> | |
8 | <link rel="prev" href="guide-freeipa-join.html" title="Joining a FreeIPA domain"> | |
9 | <link rel="next" href="guide-kerberos.html" title="Using with other Kerberos realms"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-freeipa-join.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-kerberos.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-freeipa-permit"></a>Logins using Domain Accounts</h2></div></div></div> | |
23 | <p>Once the | |
24 | <a class="link" href="guide-freeipa-join.html" title="Joining a FreeIPA domain">computer is joined</a> | |
25 | to a FreeIPA domain, the machine will automatically follow the | |
26 | domain settings for whether users are able to log into the | |
27 | machine or not.</p> | |
28 | <p>To override this behavior and permit any domain account | |
29 | to log in, use the following command.</p> | |
30 | <div class="informalexample"><pre class="screen"> | |
31 | $ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span> | |
32 | </pre></div> | |
33 | <p>To permit only specific accounts from the domain to log in | |
34 | use the following command. The first time this command is run | |
35 | it will change the mode to only allow logins by specific accounts, | |
36 | and then add the specified accounts to the list of accounts | |
37 | to permit.</p> | |
38 | <div class="informalexample"><pre class="screen"> | |
39 | $ <span class="command"><strong>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</strong></span> | |
40 | </pre></div> | |
41 | <p>To deny logins from any domain account, use the following | |
42 | command.</p> | |
43 | <div class="informalexample"><pre class="screen"> | |
44 | $ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span> | |
45 | </pre></div> | |
46 | </div> | |
47 | <div class="footer"> | |
48 | <hr> | |
49 | Generated by GTK-Doc | |
50 | </div> | |
51 | </body> | |
52 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Using with FreeIPA</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide.html" title="Part I. Administrative Guide"> | |
8 | <link rel="prev" href="guide-active-directory-permit.html" title="Logins using Domain Accounts"> | |
9 | <link rel="next" href="guide-freeipa-client.html" title="FreeIPA client software"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-active-directory-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-freeipa-client.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="chapter"> | |
21 | <div class="titlepage"><div><div><h2 class="title"> | |
22 | <a name="guide-freeipa"></a>Using with FreeIPA</h2></div></div></div> | |
23 | <div class="toc"><dl class="toc"> | |
24 | <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt> | |
25 | <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt> | |
26 | <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt> | |
27 | <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
28 | </dl></div> | |
29 | <p><span class="command"><strong>realmd</strong></span> can discover FreeIPA domains and join | |
30 | the current computer as an account on a domain. This allows using domain | |
31 | users locally, and log into the local machine with FreeIPA domain | |
32 | credentials.</p> | |
33 | <div class="section"> | |
34 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
35 | <a name="idm273582976032"></a>Discovering FreeIPA domains</h2></div></div></div> | |
36 | <p><span class="command"><strong>realmd</strong></span> discovers which domains or | |
37 | realms it can use or configure. It can discover and identify | |
38 | FreeIPA domains by looking up the appropriate DNS SRV | |
39 | records and by connecting to the domain LDAP server.</p> | |
40 | <p>The following DNS SRV records are required to be present | |
41 | for <span class="command"><strong>realmd</strong></span> to identify a provided realm as | |
42 | an Kerberos domain.</p> | |
43 | <div class="informalexample"><pre class="screen"> | |
44 | # In this example the FreeIPA domain is 'domain.example.com' | |
45 | <span class="emphasis"><em>_ldap._tcp.</em></span>domain.example.com. | |
46 | </pre></div> | |
47 | <p>In addition <span class="command"><strong>realmd</strong></span> connects to the LDAP | |
48 | server on the FreeIPA domain server's on port 389 and reads the | |
49 | Root DSE information about the domain.</p> | |
50 | <p>To see how <span class="command"><strong>realmd</strong></span> is discovering a | |
51 | particular domain name, try a command like the following. Using | |
52 | the <code class="option">--verbose</code> argument displays verbose | |
53 | discovery information.</p> | |
54 | <div class="informalexample"><pre class="screen"> | |
55 | $ <span class="command"><strong>realm --verbose discover domain.example.com</strong></span> | |
56 | * Resolving: _ldap._tcp.dc._msdcs.domain.example.com | |
57 | * Resolving: _ldap._tcp.domain.example.com | |
58 | * Performing LDAP DSE lookup on: 192.168.10.22 | |
59 | * Successfully discovered: domain.example.com | |
60 | ... | |
61 | </pre></div> | |
62 | <p>In addition a FreeIPA domain server's host name | |
63 | or IP address may be specified.</p> | |
64 | </div> | |
65 | </div> | |
66 | <div class="footer"> | |
67 | <hr> | |
68 | Generated by GTK-Doc | |
69 | </div> | |
70 | </body> | |
71 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>IPA client software</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-ipa.html" title="Using with IPA"> | |
8 | <link rel="prev" href="guide-ipa.html" title="Using with IPA"> | |
9 | <link rel="next" href="guide-ipa-join.html" title="Joining a IPA domain"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-ipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-ipa-join.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-ipa-client"></a>IPA client software</h2></div></div></div> | |
23 | <p>As part of configuring an IPA domain for use | |
24 | on the local computer, <span class="command"><strong>realmd</strong></span> will install and | |
25 | configure client software to enable domain accounts to be used on | |
26 | the local computer.</p> | |
27 | <p>For a IPA domain this is | |
28 | <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>.</p> | |
29 | </div> | |
30 | <div class="footer"> | |
31 | <hr> | |
32 | Generated by GTK-Doc | |
33 | </div> | |
34 | </body> | |
35 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Joining a IPA domain</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-ipa.html" title="Using with IPA"> | |
8 | <link rel="prev" href="guide-ipa-client.html" title="IPA client software"> | |
9 | <link rel="next" href="guide-ipa-permit.html" title="Logins using Domain Accounts"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-ipa-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-ipa-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-ipa-join"></a>Joining a IPA domain</h2></div></div></div> | |
23 | <p>To join a IPA domain with <span class="command"><strong>realmd</strong></span> | |
24 | you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a> | |
25 | command line tool:</p> | |
26 | <div class="informalexample"><pre class="screen"> | |
27 | $ <span class="command"><strong>realm join --verbose ipa.example.com</strong></span> | |
28 | </pre></div> | |
29 | <p>By specifying the <code class="option">--verbose</code> it's easier | |
30 | to see what went wrong if the join fails.</p> | |
31 | <p>Other tools also use <span class="command"><strong>realmd</strong></span> which can | |
32 | be used to perform the join operation, for example: GNOME | |
33 | Control Center.</p> | |
34 | <p>The join operation does the following:</p> | |
35 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> | |
36 | <li class="listitem"><p>Discovers information about the domain.</p></li> | |
37 | <li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD.</p></li> | |
38 | <li class="listitem"><p>Prompts for administrative credentials.</p></li> | |
39 | <li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li> | |
40 | <li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li> | |
41 | <li class="listitem"><p>Configures the SSSD service, and restarts and enables it as appropriate.</p></li> | |
42 | <li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li> | |
43 | </ul></div> | |
44 | <p>In addition an IPA domain server's host name | |
45 | or IP address may be specified to join via that domain controller | |
46 | directly.</p> | |
47 | <p>After the join operation is complete, domain accounts should | |
48 | be usable locally, although logins using domain accounts are | |
49 | not necessarily enabled.</p> | |
50 | <p>You verify that domain accounts are working with with a | |
51 | command like this:</p> | |
52 | <div class="informalexample"><pre class="screen"> | |
53 | $ <span class="command"><strong>getent passwd admin@ipa.example.com</strong></span> | |
54 | </pre></div> | |
55 | <p>The join operation will create or update a computer account | |
56 | in the domain.</p> | |
57 | </div> | |
58 | <div class="footer"> | |
59 | <hr> | |
60 | Generated by GTK-Doc | |
61 | </div> | |
62 | </body> | |
63 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Logins using Domain Accounts</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide-ipa.html" title="Using with IPA"> | |
8 | <link rel="prev" href="guide-ipa-join.html" title="Joining a IPA domain"> | |
9 | <link rel="next" href="guide-kerberos.html" title="Using with other Kerberos realms"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-ipa-join.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-kerberos.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="section"> | |
21 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
22 | <a name="guide-ipa-permit"></a>Logins using Domain Accounts</h2></div></div></div> | |
23 | <p>Once the | |
24 | <a class="link" href="guide-ipa-join.html" title="Joining a IPA domain">computer is joined</a> | |
25 | to a IPA domain, the machine will automatically follow the | |
26 | domain settings for whether users are able to log into the | |
27 | machine or not.</p> | |
28 | <p>To override this behavior and permit any domain account | |
29 | to log in, use the following command.</p> | |
30 | <div class="informalexample"><pre class="screen"> | |
31 | $ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span> | |
32 | </pre></div> | |
33 | <p>To permit only specific accounts from the domain to log in | |
34 | use the following command. The first time this command is run | |
35 | it will change the mode to only allow logins by specific accounts, | |
36 | and then add the specified accounts to the list of accounts | |
37 | to permit.</p> | |
38 | <div class="informalexample"><pre class="screen"> | |
39 | $ <span class="command"><strong>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</strong></span> | |
40 | </pre></div> | |
41 | <p>To deny logins from any domain account, use the following | |
42 | command.</p> | |
43 | <div class="informalexample"><pre class="screen"> | |
44 | $ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span> | |
45 | </pre></div> | |
46 | </div> | |
47 | <div class="footer"> | |
48 | <hr> | |
49 | Generated by GTK-Doc | |
50 | </div> | |
51 | </body> | |
52 | </html> |
0 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | |
1 | <html> | |
2 | <head> | |
3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
4 | <title>Using with IPA</title> | |
5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> | |
6 | <link rel="home" href="index.html" title="realmd"> | |
7 | <link rel="up" href="guide.html" title="Part I. Administrative Guide"> | |
8 | <link rel="prev" href="guide-active-directory-permit.html" title="Logins using Domain Accounts"> | |
9 | <link rel="next" href="guide-ipa-client.html" title="IPA client software"> | |
10 | <link rel="stylesheet" href="style.css" type="text/css"> | |
11 | </head> | |
12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> | |
13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> | |
14 | <td><a accesskey="p" href="guide-active-directory-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> | |
16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> | |
17 | <th width="100%" align="center">realmd</th> | |
18 | <td><a accesskey="n" href="guide-ipa-client.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> | |
19 | </tr></table> | |
20 | <div class="chapter"> | |
21 | <div class="titlepage"><div><div><h2 class="title"> | |
22 | <a name="guide-ipa"></a>Using with IPA</h2></div></div></div> | |
23 | <div class="toc"><dl class="toc"> | |
24 | <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt> | |
25 | <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt> | |
26 | <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt> | |
27 | <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
28 | </dl></div> | |
29 | <p><span class="command"><strong>realmd</strong></span> can discover IPA domains and join | |
30 | the current computer as an account on a domain. This allows using domain | |
31 | users locally, and log into the local machine with IPA domain | |
32 | credentials.</p> | |
33 | <div class="section"> | |
34 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | |
35 | <a name="idm265571870304"></a>Discovering IPA domains</h2></div></div></div> | |
36 | <p><span class="command"><strong>realmd</strong></span> discovers which domains or | |
37 | realms it can use or configure. It can discover and identify | |
38 | IPA domains by looking up the appropriate DNS SRV | |
39 | records and by connecting to the domain LDAP server.</p> | |
40 | <p>The following DNS SRV records are required to be present | |
41 | for <span class="command"><strong>realmd</strong></span> to identify a provided realm as | |
42 | an Kerberos domain.</p> | |
43 | <div class="informalexample"><pre class="screen"> | |
44 | # In this example the IPA domain is 'domain.example.com' | |
45 | <span class="emphasis"><em>_ldap._tcp.</em></span>domain.example.com. | |
46 | </pre></div> | |
47 | <p>In addition <span class="command"><strong>realmd</strong></span> connects to the LDAP | |
48 | server on the IPA domain server's on port 389 and reads the | |
49 | Root DSE information about the domain.</p> | |
50 | <p>To see how <span class="command"><strong>realmd</strong></span> is discovering a | |
51 | particular domain name, try a command like the following. Using | |
52 | the <code class="option">--verbose</code> argument displays verbose | |
53 | discovery information.</p> | |
54 | <div class="informalexample"><pre class="screen"> | |
55 | $ <span class="command"><strong>realm --verbose discover domain.example.com</strong></span> | |
56 | * Resolving: _ldap._tcp.dc._msdcs.domain.example.com | |
57 | * Resolving: _ldap._tcp.domain.example.com | |
58 | * Performing LDAP DSE lookup on: 192.168.10.22 | |
59 | * Successfully discovered: domain.example.com | |
60 | ... | |
61 | </pre></div> | |
62 | <p>In addition a IPA domain server's host name | |
63 | or IP address may be specified.</p> | |
64 | </div> | |
65 | </div> | |
66 | <div class="footer"> | |
67 | <hr> | |
68 | Generated by GTK-Doc | |
69 | </div> | |
70 | </body> | |
71 | </html> |
5 | 5 | <meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> |
6 | 6 | <link rel="home" href="index.html" title="realmd"> |
7 | 7 | <link rel="up" href="guide.html" title="Part I. Administrative Guide"> |
8 | <link rel="prev" href="guide-freeipa-permit.html" title="Logins using Domain Accounts"> | |
8 | <link rel="prev" href="guide-ipa-permit.html" title="Logins using Domain Accounts"> | |
9 | 9 | <link rel="next" href="guide-integration.html" title="Integration"> |
10 | 10 | <link rel="stylesheet" href="style.css" type="text/css"> |
11 | 11 | </head> |
12 | 12 | <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> |
13 | 13 | <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> |
14 | <td><a accesskey="p" href="guide-freeipa-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
14 | <td><a accesskey="p" href="guide-ipa-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> | |
15 | 15 | <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> |
16 | 16 | <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> |
17 | 17 | <th width="100%" align="center">realmd</th> |
20 | 20 | <div class="chapter"> |
21 | 21 | <div class="titlepage"><div><div><h2 class="title"> |
22 | 22 | <a name="guide-kerberos"></a>Using with other Kerberos realms</h2></div></div></div> |
23 | <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></div> | |
23 | <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></div> | |
24 | 24 | <p><span class="command"><strong>realmd</strong></span> can discover generic Kerberos realms. |
25 | 25 | Since there is no standard way to enroll a computer against a Kerberos |
26 | 26 | server, it is not possible to do this with <span class="command"><strong>realmd</strong></span>.</p> |
27 | 27 | <div class="section"> |
28 | 28 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
29 | <a name="idm273583842800"></a>Discovering Kerberos realms</h2></div></div></div> | |
29 | <a name="idm265574189360"></a>Discovering Kerberos realms</h2></div></div></div> | |
30 | 30 | <p><span class="command"><strong>realmd</strong></span> discovers which domains or |
31 | 31 | realms it can use or configure. It can discover and identify |
32 | 32 | Kerberos domains by looking up the appropriate DNS SRV |
37 | 37 | <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt> |
38 | 38 | <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt> |
39 | 39 | <dd><dl> |
40 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt> | |
41 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt> | |
40 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt> | |
41 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt> | |
42 | 42 | </dl></dd> |
43 | 43 | <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt> |
44 | 44 | <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt> |
45 | 45 | </dl></dd> |
46 | <dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt> | |
46 | <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt> | |
47 | 47 | <dd><dl> |
48 | <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt> | |
49 | <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt> | |
50 | <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt> | |
51 | <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
48 | <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt> | |
49 | <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt> | |
50 | <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt> | |
51 | <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
52 | 52 | </dl></dd> |
53 | 53 | <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt> |
54 | <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></dd> | |
54 | <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></dd> | |
55 | 55 | <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt> |
56 | 56 | </dl> |
57 | 57 | </div> |
12 | 12 | <div class="titlepage"> |
13 | 13 | <div> |
14 | 14 | <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">realmd</p></th></tr></table></div> |
15 | <div><p class="releaseinfo">for 0.14.2 | |
15 | <div><p class="releaseinfo">for 0.14.4 | |
16 | 16 | </p></div> |
17 | 17 | </div> |
18 | 18 | <hr> |
34 | 34 | <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt> |
35 | 35 | <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt> |
36 | 36 | <dd><dl> |
37 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt> | |
38 | <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt> | |
37 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt> | |
38 | <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt> | |
39 | 39 | </dl></dd> |
40 | 40 | <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt> |
41 | 41 | <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt> |
42 | 42 | </dl></dd> |
43 | <dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt> | |
43 | <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt> | |
44 | 44 | <dd><dl> |
45 | <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt> | |
46 | <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt> | |
47 | <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt> | |
48 | <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
45 | <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt> | |
46 | <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt> | |
47 | <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt> | |
48 | <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt> | |
49 | 49 | </dl></dd> |
50 | 50 | <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt> |
51 | <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></dd> | |
51 | <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></dd> | |
52 | 52 | <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt> |
53 | 53 | </dl></dd> |
54 | 54 | <dt><span class="part"><a href="development.html">II. Developer Reference</a></span></dt> |
32 | 32 | <div class="cmdsynopsis"><p><code class="command">realm join</code> [-U user] [realm-name]</p></div> |
33 | 33 | <div class="cmdsynopsis"><p><code class="command">realm leave</code> [-U user] [realm-name]</p></div> |
34 | 34 | <div class="cmdsynopsis"><p><code class="command">realm list</code> </p></div> |
35 | <div class="cmdsynopsis"><p><code class="command">realm permit</code> [-ax] [-R realm] {user...}</p></div> | |
35 | <div class="cmdsynopsis"><p><code class="command">realm permit</code> [-ax] [-R realm] {user@domain...}</p></div> | |
36 | 36 | <div class="cmdsynopsis"><p><code class="command">realm deny</code> -a [-R realm]</p></div> |
37 | 37 | </div> |
38 | 38 | <div class="refsect1"> |
39 | <a name="idm273582430896"></a><h2>Description</h2> | |
39 | <a name="idm265573199392"></a><h2>Description</h2> | |
40 | 40 | <p><span class="command"><strong>realm</strong></span> is a command line tool that |
41 | 41 | can be used to manage enrollment in kerberos realms, like Active |
42 | 42 | Directory domains or IPA domains.</p> |
57 | 57 | when running in this mode.</p></td> |
58 | 58 | </tr> |
59 | 59 | <tr> |
60 | <td><p><span class="term"><code class="option">--unattended</code></span></p></td> | |
61 | <td><p>Run in unattended mode without prompting | |
62 | for input.</p></td> | |
63 | </tr> | |
64 | <tr> | |
60 | 65 | <td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td> |
61 | 66 | <td><p>Display verbose diagnostics while doing |
62 | 67 | running commands.</p></td> |
65 | 70 | </table></div> |
66 | 71 | </div> |
67 | 72 | <div class="refsect1"> |
68 | <a name="idm273582424624"></a><h2>Discover</h2> | |
73 | <a name="idm265573191552"></a><h2>Discover</h2> | |
69 | 74 | <p>Discover a realm and its capabilities.</p> |
70 | 75 | <div class="informalexample"> |
71 | 76 | <pre class="programlisting"> |
103 | 108 | <td><p>Only discover realms which run the |
104 | 109 | given server software. Possible values include |
105 | 110 | <em class="replaceable"><code>active-directory</code></em> or |
106 | <em class="replaceable"><code>freeipa</code></em>.</p></td> | |
111 | <em class="replaceable"><code>ipa</code></em>.</p></td> | |
107 | 112 | </tr> |
108 | 113 | <tr> |
109 | 114 | <td><p><span class="term"><code class="option">--membership-software=xxx</code></span></p></td> |
116 | 121 | </table></div> |
117 | 122 | </div> |
118 | 123 | <div class="refsect1"> |
119 | <a name="idm273582410256"></a><h2>Join</h2> | |
124 | <a name="idm265573177328"></a><h2>Join</h2> | |
120 | 125 | <p>Configure the local machine for use with a realm.</p> |
121 | 126 | <div class="informalexample"> |
122 | 127 | <pre class="programlisting"> |
134 | 139 | For kerberos realms, a computer account and host keytab is created.</p> |
135 | 140 | <p>Joining arbitrary kerberos realms is not supported. The realm |
136 | 141 | must have a supported mechanism for joining from a client machine, such |
137 | as Active Directory or FreeIPA.</p> | |
138 | <p>Unless a <code class="literal">--user</code> is explicitly specified, an automatic join is attempted first.</p> | |
142 | as Active Directory or IPA.</p> | |
143 | <p>Unless a <code class="literal">--user</code> is explicitly specified, an | |
144 | automatic join is attempted first. Automatic joins require pre-configuration | |
145 | on the domain side, and may not be supported by all domains.</p> | |
139 | 146 | <p>Note that the <code class="literal">--user </code>, <code class="literal">--no-password</code>, |
140 | 147 | and <code class="literal">--one-time-password </code> options are mutually exclusive. |
141 | 148 | At most one of them can be specified.</p> |
146 | 153 | from the credential cache. The <span class="command"><strong>realm</strong></span> respects the |
147 | 154 | <code class="literal">KRB5_CCACHE</code> environment variable, but uses the default |
148 | 155 | kerberos credential cache if it's not present. Not all types of servers |
149 | can be joined using kerberos credentials, some (like FreeIPA) insist on | |
156 | can be joined using kerberos credentials, some (like IPA) insist on | |
150 | 157 | prompting for a password.</p> |
151 | 158 | <p>The following options can be used:</p> |
152 | 159 | <div class="variablelist"><table border="0" class="variablelist"> |
167 | 174 | unit to create the computer account. The exact format |
168 | 175 | of the distinguished name depends on the client software |
169 | 176 | and membership software. You can usually omit the root |
170 | DSE portion of distinguished name.</p></td> | |
177 | DSE portion of distinguished name. This is an Active | |
178 | Directory specific option.</p></td> | |
171 | 179 | </tr> |
172 | 180 | <tr> |
173 | 181 | <td><p><span class="term"><code class="option">--no-password</code></span></p></td> |
194 | 202 | <td><p>Only join realms for run the |
195 | 203 | given server software. Possible values include |
196 | 204 | <em class="replaceable"><code>active-directory</code></em> or |
197 | <em class="replaceable"><code>freeipa</code></em>.</p></td> | |
205 | <em class="replaceable"><code>ipa</code></em>.</p></td> | |
198 | 206 | </tr> |
199 | 207 | <tr> |
200 | 208 | <td><p><span class="term"><code class="option">--membership-software=xxx</code></span></p></td> |
215 | 223 | </table></div> |
216 | 224 | </div> |
217 | 225 | <div class="refsect1"> |
218 | <a name="idm273582379280"></a><h2>Leave</h2> | |
226 | <a name="idm265573146128"></a><h2>Leave</h2> | |
219 | 227 | <p>Deconfigure the local machine for use with a realm.</p> |
220 | 228 | <div class="informalexample"> |
221 | 229 | <pre class="programlisting"> |
246 | 254 | <td><p>Only leave the realm which is using the |
247 | 255 | given server software. Possible values include |
248 | 256 | <em class="replaceable"><code>active-directory</code></em> or |
249 | <em class="replaceable"><code>freeipa</code></em>.</p></td> | |
257 | <em class="replaceable"><code>ipa</code></em>.</p></td> | |
250 | 258 | </tr> |
251 | 259 | <tr> |
252 | 260 | <td><p><span class="term"><code class="option">--remove</code></span></p></td> |
264 | 272 | </table></div> |
265 | 273 | </div> |
266 | 274 | <div class="refsect1"> |
267 | <a name="idm273582365616"></a><h2>List</h2> | |
275 | <a name="idm265573132464"></a><h2>List</h2> | |
268 | 276 | <p>List all the discovered and configured realms.</p> |
269 | 277 | <div class="informalexample"><pre class="programlisting"> |
270 | 278 | $ realm list |
294 | 302 | </table></div> |
295 | 303 | </div> |
296 | 304 | <div class="refsect1"> |
297 | <a name="idm273582357888"></a><h2>Permit</h2> | |
305 | <a name="idm265573124736"></a><h2>Permit</h2> | |
298 | 306 | <p>Permit local login by users of the realm.</p> |
299 | 307 | <div class="informalexample"><pre class="programlisting"> |
300 | 308 | $ realm permit --all |
301 | $ realm permit DOMAIN\User | |
302 | $ realm permit DOMAIN\User2 | |
303 | $ realm permit --withdraw DOMAIN\User | |
309 | $ realm permit user@example.com | |
310 | $ realm permit DOMAIN\\User2 | |
311 | $ realm permit --withdraw user@example.com | |
304 | 312 | </pre></div> |
305 | 313 | <p>The current login policy and format of the user names can be seen |
306 | 314 | by using the <span class="command"><strong>realm list</strong></span> command.</p> |
307 | <p>The following options can be used:</p> | |
308 | <p>The format of the user name can be seen by using the | |
309 | <code class="option">list</code> command.</p> | |
310 | 315 | <p>The following options can be used:</p> |
311 | 316 | <div class="variablelist"><table border="0" class="variablelist"> |
312 | 317 | <colgroup> |
341 | 346 | </table></div> |
342 | 347 | </div> |
343 | 348 | <div class="refsect1"> |
344 | <a name="idm273582345168"></a><h2>Deny</h2> | |
349 | <a name="idm265573113328"></a><h2>Deny</h2> | |
345 | 350 | <p>Deny local login by realm accounts.</p> |
346 | 351 | <div class="informalexample"><pre class="programlisting"> |
347 | 352 | $ realm deny --all |
27 | 27 | <td valign="top" align="right"></td> |
28 | 28 | </tr></table></div> |
29 | 29 | <div class="refsect1"> |
30 | <a name="idm273580945152"></a><h2>Configuration File</h2> | |
30 | <a name="idm265570999216"></a><h2>Configuration File</h2> | |
31 | 31 | <p><span class="command"><strong>realmd</strong></span> can be tweaked by network administrators |
32 | 32 | to act in specific ways. This is done by placing settings in a |
33 | 33 | <code class="filename">/etc/realmd.conf</code>. This file does not exist by |
34 | 34 | default. The syntax of this file is the same as an INI file or |
35 | 35 | Desktop Entry file.</p> |
36 | <p>In general, settings in this file only apply at the point of | |
37 | joining a domain or realm. Once the realm has been setup the settings | |
38 | have no effect. You may choose to configure | |
39 | <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> or | |
40 | <a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a> | |
41 | directly.</p> | |
36 | 42 | <p>Only specify the settings you wish to override in the |
37 | 43 | <code class="filename">/etc/realmd.conf</code> file. Settings not specified will |
38 | 44 | be loaded from their packaged defaults. Only override the settings |
121 | 127 | <code class="option">os-version</code> settings to control the values that |
122 | 128 | are placed in the computer account <code class="option">operatingSystem</code> and |
123 | 129 | <code class="option">operatingSystemVersion</code> attributes.</p> |
130 | <p>This is an Active Directory specific option.</p> | |
124 | 131 | <div class="informalexample"><pre class="programlisting"> |
125 | 132 | [active-directory] |
126 | 133 | os-name = Gentoo Linux |
179 | 186 | |
180 | 187 | </pre></div> |
181 | 188 | <p>The default setting for this is <code class="option">/home/%D/%U</code>. The |
182 | <code class="option">%D</code> format is replaced by the domain name. In the case of | |
183 | Active Directory this is the short domain name. The <code class="option">%U</code> | |
189 | <code class="option">%D</code> format is replaced by the domain name. The <code class="option">%U</code> | |
184 | 190 | format is replaced by the user name.</p> |
185 | 191 | <p>You can verify the home directory for a user by running the |
186 | 192 | following command.</p> |
188 | 194 | $ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span> |
189 | 195 | DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash |
190 | 196 | </pre></div> |
197 | <p>Note that in the case of IPA domains, most users already have a | |
198 | home directory configured in the domain. Therefore this configuration | |
199 | setting may rarely show through.</p> | |
191 | 200 | </td> |
192 | 201 | </tr> |
193 | 202 | <tr> |
211 | 220 | $ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span> |
212 | 221 | DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash |
213 | 222 | </pre></div> |
223 | <p>Note that in the case of IPA domains, most users already have a | |
224 | shell configured in the domain. Therefore this configuration setting | |
225 | may rarely show through.</p> | |
214 | 226 | </td> |
215 | 227 | </tr> |
216 | 228 | </tbody> |
217 | 229 | </table></div> |
218 | 230 | </div> |
219 | 231 | <div class="refsect1"> |
220 | <a name="idm273579937344"></a><h2>Realm specific settings</h2> | |
232 | <a name="idm265570515856"></a><h2>Realm specific settings</h2> | |
221 | 233 | <p>These options should go in an section with the same name |
222 | 234 | as the realm in the <code class="filename">/etc/realmd.conf</code> file. |
223 | 235 | For example for the <code class="option">domain.example.com</code> domain |
276 | 288 | Turn it off to use UID and GID information stored in the |
277 | 289 | directory (as-per RFC2307) rather than automatically generating |
278 | 290 | UID and GID numbers.</p> |
291 | <p>This option only makes sense for Active Directory | |
292 | realms.</p> | |
279 | 293 | <div class="informalexample"><pre class="programlisting"> |
280 | 294 | [domain.example.com] |
281 | 295 | automatic-id-mapping = no |
294 | 308 | [domain.example.com] |
295 | 309 | manage-system = no |
296 | 310 | # manage-system = yes |
297 | </pre></div> | |
311 | ||
312 | </pre></div> | |
313 | <p>When this option is turned on <span class="command"><strong>realmd</strong></span> | |
314 | defaults to using domain policy to control who can log into | |
315 | this machine. Further adjustments to login policy can be made | |
316 | with the <span class="command"><strong>realm permit</strong></span> command.</p> | |
298 | 317 | </td> |
299 | 318 | </tr> |
300 | 319 | <tr> |
41 | 41 | <command>realm list</command> |
42 | 42 | </cmdsynopsis> |
43 | 43 | <cmdsynopsis> |
44 | <command>realm permit</command> <arg choice="opt">-ax</arg> <arg choice="opt">-R realm</arg> <arg choice="req" rep="repeat">user</arg> | |
44 | <command>realm permit</command> <arg choice="opt">-ax</arg> <arg choice="opt">-R realm</arg> <arg choice="req" rep="repeat">user@domain</arg> | |
45 | 45 | </cmdsynopsis> |
46 | 46 | <cmdsynopsis> |
47 | 47 | <command>realm deny</command> <arg choice="plain">-a</arg> <arg choice="opt">-R realm</arg> |
67 | 67 | when running in this mode.</para></listitem> |
68 | 68 | </varlistentry> |
69 | 69 | <varlistentry> |
70 | <term><option>--unattended</option></term> | |
71 | <listitem><para>Run in unattended mode without prompting | |
72 | for input.</para></listitem> | |
73 | </varlistentry> | |
74 | <varlistentry> | |
70 | 75 | <term><option>--verbose, -v</option></term> |
71 | 76 | <listitem><para>Display verbose diagnostics while doing |
72 | 77 | running commands.</para></listitem> |
115 | 120 | <listitem><para>Only discover realms which run the |
116 | 121 | given server software. Possible values include |
117 | 122 | <replaceable>active-directory</replaceable> or |
118 | <replaceable>freeipa</replaceable>.</para></listitem> | |
123 | <replaceable>ipa</replaceable>.</para></listitem> | |
119 | 124 | </varlistentry> |
120 | 125 | <varlistentry> |
121 | 126 | <term><option>--membership-software=xxx</option></term> |
152 | 157 | |
153 | 158 | <para>Joining arbitrary kerberos realms is not supported. The realm |
154 | 159 | must have a supported mechanism for joining from a client machine, such |
155 | as Active Directory or FreeIPA.</para> | |
156 | ||
157 | <para>Unless a <literal>--user</literal> is explicitly specified, an automatic join is attempted first.</para> | |
160 | as Active Directory or IPA.</para> | |
161 | ||
162 | <para>Unless a <literal>--user</literal> is explicitly specified, an | |
163 | automatic join is attempted first. Automatic joins require pre-configuration | |
164 | on the domain side, and may not be supported by all domains.</para> | |
158 | 165 | |
159 | 166 | <para>Note that the <literal>--user </literal>, <literal>--no-password</literal>, |
160 | 167 | and <literal>--one-time-password </literal> options are mutually exclusive. |
167 | 174 | from the credential cache. The <command>realm</command> respects the |
168 | 175 | <literal>KRB5_CCACHE</literal> environment variable, but uses the default |
169 | 176 | kerberos credential cache if it's not present. Not all types of servers |
170 | can be joined using kerberos credentials, some (like FreeIPA) insist on | |
177 | can be joined using kerberos credentials, some (like IPA) insist on | |
171 | 178 | prompting for a password.</para> |
172 | 179 | |
173 | 180 | <para>The following options can be used:</para> |
185 | 192 | unit to create the computer account. The exact format |
186 | 193 | of the distinguished name depends on the client software |
187 | 194 | and membership software. You can usually omit the root |
188 | DSE portion of distinguished name.</para></listitem> | |
195 | DSE portion of distinguished name. This is an Active | |
196 | Directory specific option.</para></listitem> | |
189 | 197 | </varlistentry> |
190 | 198 | <varlistentry> |
191 | 199 | <term><option>--no-password</option></term> |
212 | 220 | <listitem><para>Only join realms for run the |
213 | 221 | given server software. Possible values include |
214 | 222 | <replaceable>active-directory</replaceable> or |
215 | <replaceable>freeipa</replaceable>.</para></listitem> | |
223 | <replaceable>ipa</replaceable>.</para></listitem> | |
216 | 224 | </varlistentry> |
217 | 225 | <varlistentry> |
218 | 226 | <term><option>--membership-software=xxx</option></term> |
265 | 273 | <listitem><para>Only leave the realm which is using the |
266 | 274 | given server software. Possible values include |
267 | 275 | <replaceable>active-directory</replaceable> or |
268 | <replaceable>freeipa</replaceable>.</para></listitem> | |
276 | <replaceable>ipa</replaceable>.</para></listitem> | |
269 | 277 | </varlistentry> |
270 | 278 | <varlistentry> |
271 | 279 | <term><option>--remove</option></term> |
323 | 331 | <informalexample> |
324 | 332 | <programlisting> |
325 | 333 | $ realm permit --all |
326 | $ realm permit DOMAIN\User | |
327 | $ realm permit DOMAIN\User2 | |
328 | $ realm permit --withdraw DOMAIN\User | |
334 | $ realm permit user@example.com | |
335 | $ realm permit DOMAIN\\User2 | |
336 | $ realm permit --withdraw user@example.com | |
329 | 337 | </programlisting> |
330 | 338 | </informalexample> |
331 | 339 | |
332 | 340 | <para>The current login policy and format of the user names can be seen |
333 | 341 | by using the <command>realm list</command> command.</para> |
334 | ||
335 | <para>The following options can be used:</para> | |
336 | ||
337 | <para>The format of the user name can be seen by using the | |
338 | <option>list</option> command.</para> | |
339 | 342 | |
340 | 343 | <para>The following options can be used:</para> |
341 | 344 |
19 | 19 | </chapter> |
20 | 20 | |
21 | 21 | <xi:include href="realmd-guide-active-directory.xml"/> |
22 | <xi:include href="realmd-guide-freeipa.xml"/> | |
22 | <xi:include href="realmd-guide-ipa.xml"/> | |
23 | 23 | <xi:include href="realmd-guide-kerberos.xml"/> |
24 | 24 | |
25 | 25 | <chapter id="guide-integration"> |
0 | <?xml version="1.0"?> | |
1 | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" | |
2 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" | |
3 | [ | |
4 | <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'"> | |
5 | ]> | |
6 | ||
7 | <chapter id="guide-freeipa"> | |
8 | <title>Using with FreeIPA</title> | |
9 | ||
10 | <para><command>realmd</command> can discover FreeIPA domains and join | |
11 | the current computer as an account on a domain. This allows using domain | |
12 | users locally, and log into the local machine with FreeIPA domain | |
13 | credentials.</para> | |
14 | ||
15 | <section> | |
16 | <title>Discovering FreeIPA domains</title> | |
17 | <para><command>realmd</command> discovers which domains or | |
18 | realms it can use or configure. It can discover and identify | |
19 | FreeIPA domains by looking up the appropriate DNS SRV | |
20 | records and by connecting to the domain LDAP server.</para> | |
21 | ||
22 | <para>The following DNS SRV records are required to be present | |
23 | for <command>realmd</command> to identify a provided realm as | |
24 | an Kerberos domain.</para> | |
25 | ||
26 | <informalexample> | |
27 | <screen> | |
28 | # In this example the FreeIPA domain is 'domain.example.com' | |
29 | <emphasis>_ldap._tcp.</emphasis>domain.example.com. | |
30 | </screen> | |
31 | </informalexample> | |
32 | ||
33 | <para>In addition <command>realmd</command> connects to the LDAP | |
34 | server on the FreeIPA domain server's on port 389 and reads the | |
35 | Root DSE information about the domain.</para> | |
36 | ||
37 | <para>To see how <command>realmd</command> is discovering a | |
38 | particular domain name, try a command like the following. Using | |
39 | the <option>--verbose</option> argument displays verbose | |
40 | discovery information.</para> | |
41 | ||
42 | <informalexample> | |
43 | <screen> | |
44 | $ <command>realm --verbose discover domain.example.com</command> | |
45 | * Resolving: _ldap._tcp.dc._msdcs.domain.example.com | |
46 | * Resolving: _ldap._tcp.domain.example.com | |
47 | * Performing LDAP DSE lookup on: 192.168.10.22 | |
48 | * Successfully discovered: domain.example.com | |
49 | ... | |
50 | </screen> | |
51 | </informalexample> | |
52 | ||
53 | <para>In addition a FreeIPA domain server's host name | |
54 | or IP address may be specified.</para> | |
55 | </section> | |
56 | ||
57 | <section id="guide-freeipa-client"> | |
58 | <title>FreeIPA client software</title> | |
59 | <para>As part of configuring an FreeIPA domain for use | |
60 | on the local computer, <command>realmd</command> will install and | |
61 | configure client software to enable domain accounts to be used on | |
62 | the local computer.</para> | |
63 | ||
64 | <para>For a FreeIPA domain this is | |
65 | <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink>.</para> | |
66 | ||
67 | </section> | |
68 | ||
69 | <section id="guide-freeipa-join"> | |
70 | <title>Joining a FreeIPA domain</title> | |
71 | ||
72 | <para>To join a FreeIPA domain with <command>realmd</command> | |
73 | you can use the <link linkend="realm"><command>realm</command></link> | |
74 | command line tool:</para> | |
75 | ||
76 | <informalexample> | |
77 | <screen> | |
78 | $ <command>realm join --verbose ipa.example.com</command> | |
79 | </screen> | |
80 | </informalexample> | |
81 | ||
82 | <para>By specifying the <option>--verbose</option> it's easier | |
83 | to see what went wrong if the join fails.</para> | |
84 | ||
85 | <para>Other tools also use <command>realmd</command> which can | |
86 | be used to perform the join operation, for example: GNOME | |
87 | Control Center.</para> | |
88 | ||
89 | <para>The join operation does the following:</para> | |
90 | <itemizedlist> | |
91 | <listitem><para>Discovers information about the domain.</para></listitem> | |
92 | <listitem><para>Installs the necessary software to join the domain, such as SSSD.</para></listitem> | |
93 | <listitem><para>Prompts for administrative credentials.</para></listitem> | |
94 | <listitem><para>A computer account in the domain will be created, and or updated.</para></listitem> | |
95 | <listitem><para>A host keytab file at <filename>/etc/krb5.keytab</filename> is created.</para></listitem> | |
96 | <listitem><para>Configures the SSSD service, and restarts and enables it as appropriate.</para></listitem> | |
97 | <listitem><para>Enables domain users in <filename>/etc/nsswitch.conf</filename></para></listitem> | |
98 | </itemizedlist> | |
99 | ||
100 | <para>In addition an FreeIPA domain server's host name | |
101 | or IP address may be specified to join via that domain controller | |
102 | directly.</para> | |
103 | ||
104 | <para>After the join operation is complete, domain accounts should | |
105 | be usable locally, although logins using domain accounts are | |
106 | not necessarily enabled.</para> | |
107 | ||
108 | <para>You verify that domain accounts are working with with a | |
109 | command like this:</para> | |
110 | ||
111 | <informalexample> | |
112 | <screen> | |
113 | $ <command>getent passwd admin@ipa.example.com</command> | |
114 | </screen> | |
115 | </informalexample> | |
116 | ||
117 | <para>The join operation will create or update a computer account | |
118 | in the domain.</para> | |
119 | ||
120 | </section> | |
121 | ||
122 | <section id="guide-freeipa-permit"> | |
123 | <title>Logins using Domain Accounts</title> | |
124 | ||
125 | <para>Once the | |
126 | <link linkend="guide-freeipa-join">computer is joined</link> | |
127 | to a FreeIPA domain, the machine will automatically follow the | |
128 | domain settings for whether users are able to log into the | |
129 | machine or not.</para> | |
130 | ||
131 | <para>To override this behavior and permit any domain account | |
132 | to log in, use the following command.</para> | |
133 | ||
134 | <informalexample> | |
135 | <screen> | |
136 | $ <command>realm permit --realm domain.example.com --all</command> | |
137 | </screen> | |
138 | </informalexample> | |
139 | ||
140 | <para>To permit only specific accounts from the domain to log in | |
141 | use the following command. The first time this command is run | |
142 | it will change the mode to only allow logins by specific accounts, | |
143 | and then add the specified accounts to the list of accounts | |
144 | to permit.</para> | |
145 | ||
146 | <informalexample> | |
147 | <screen> | |
148 | $ <command>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</command> | |
149 | </screen> | |
150 | </informalexample> | |
151 | ||
152 | <para>To deny logins from any domain account, use the following | |
153 | command.</para> | |
154 | ||
155 | <informalexample> | |
156 | <screen> | |
157 | $ <command>realm deny --realm domain.example.com --all</command> | |
158 | </screen> | |
159 | </informalexample> | |
160 | ||
161 | </section> | |
162 | ||
163 | </chapter> |
0 | <?xml version="1.0"?> | |
1 | <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" | |
2 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" | |
3 | [ | |
4 | <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'"> | |
5 | ]> | |
6 | ||
7 | <chapter id="guide-ipa"> | |
8 | <title>Using with IPA</title> | |
9 | ||
10 | <para><command>realmd</command> can discover IPA domains and join | |
11 | the current computer as an account on a domain. This allows using domain | |
12 | users locally, and log into the local machine with IPA domain | |
13 | credentials.</para> | |
14 | ||
15 | <section> | |
16 | <title>Discovering IPA domains</title> | |
17 | <para><command>realmd</command> discovers which domains or | |
18 | realms it can use or configure. It can discover and identify | |
19 | IPA domains by looking up the appropriate DNS SRV | |
20 | records and by connecting to the domain LDAP server.</para> | |
21 | ||
22 | <para>The following DNS SRV records are required to be present | |
23 | for <command>realmd</command> to identify a provided realm as | |
24 | an Kerberos domain.</para> | |
25 | ||
26 | <informalexample> | |
27 | <screen> | |
28 | # In this example the IPA domain is 'domain.example.com' | |
29 | <emphasis>_ldap._tcp.</emphasis>domain.example.com. | |
30 | </screen> | |
31 | </informalexample> | |
32 | ||
33 | <para>In addition <command>realmd</command> connects to the LDAP | |
34 | server on the IPA domain server's on port 389 and reads the | |
35 | Root DSE information about the domain.</para> | |
36 | ||
37 | <para>To see how <command>realmd</command> is discovering a | |
38 | particular domain name, try a command like the following. Using | |
39 | the <option>--verbose</option> argument displays verbose | |
40 | discovery information.</para> | |
41 | ||
42 | <informalexample> | |
43 | <screen> | |
44 | $ <command>realm --verbose discover domain.example.com</command> | |
45 | * Resolving: _ldap._tcp.dc._msdcs.domain.example.com | |
46 | * Resolving: _ldap._tcp.domain.example.com | |
47 | * Performing LDAP DSE lookup on: 192.168.10.22 | |
48 | * Successfully discovered: domain.example.com | |
49 | ... | |
50 | </screen> | |
51 | </informalexample> | |
52 | ||
53 | <para>In addition a IPA domain server's host name | |
54 | or IP address may be specified.</para> | |
55 | </section> | |
56 | ||
57 | <section id="guide-ipa-client"> | |
58 | <title>IPA client software</title> | |
59 | <para>As part of configuring an IPA domain for use | |
60 | on the local computer, <command>realmd</command> will install and | |
61 | configure client software to enable domain accounts to be used on | |
62 | the local computer.</para> | |
63 | ||
64 | <para>For a IPA domain this is | |
65 | <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink>.</para> | |
66 | ||
67 | </section> | |
68 | ||
69 | <section id="guide-ipa-join"> | |
70 | <title>Joining a IPA domain</title> | |
71 | ||
72 | <para>To join a IPA domain with <command>realmd</command> | |
73 | you can use the <link linkend="realm"><command>realm</command></link> | |
74 | command line tool:</para> | |
75 | ||
76 | <informalexample> | |
77 | <screen> | |
78 | $ <command>realm join --verbose ipa.example.com</command> | |
79 | </screen> | |
80 | </informalexample> | |
81 | ||
82 | <para>By specifying the <option>--verbose</option> it's easier | |
83 | to see what went wrong if the join fails.</para> | |
84 | ||
85 | <para>Other tools also use <command>realmd</command> which can | |
86 | be used to perform the join operation, for example: GNOME | |
87 | Control Center.</para> | |
88 | ||
89 | <para>The join operation does the following:</para> | |
90 | <itemizedlist> | |
91 | <listitem><para>Discovers information about the domain.</para></listitem> | |
92 | <listitem><para>Installs the necessary software to join the domain, such as SSSD.</para></listitem> | |
93 | <listitem><para>Prompts for administrative credentials.</para></listitem> | |
94 | <listitem><para>A computer account in the domain will be created, and or updated.</para></listitem> | |
95 | <listitem><para>A host keytab file at <filename>/etc/krb5.keytab</filename> is created.</para></listitem> | |
96 | <listitem><para>Configures the SSSD service, and restarts and enables it as appropriate.</para></listitem> | |
97 | <listitem><para>Enables domain users in <filename>/etc/nsswitch.conf</filename></para></listitem> | |
98 | </itemizedlist> | |
99 | ||
100 | <para>In addition an IPA domain server's host name | |
101 | or IP address may be specified to join via that domain controller | |
102 | directly.</para> | |
103 | ||
104 | <para>After the join operation is complete, domain accounts should | |
105 | be usable locally, although logins using domain accounts are | |
106 | not necessarily enabled.</para> | |
107 | ||
108 | <para>You verify that domain accounts are working with with a | |
109 | command like this:</para> | |
110 | ||
111 | <informalexample> | |
112 | <screen> | |
113 | $ <command>getent passwd admin@ipa.example.com</command> | |
114 | </screen> | |
115 | </informalexample> | |
116 | ||
117 | <para>The join operation will create or update a computer account | |
118 | in the domain.</para> | |
119 | ||
120 | </section> | |
121 | ||
122 | <section id="guide-ipa-permit"> | |
123 | <title>Logins using Domain Accounts</title> | |
124 | ||
125 | <para>Once the | |
126 | <link linkend="guide-ipa-join">computer is joined</link> | |
127 | to a IPA domain, the machine will automatically follow the | |
128 | domain settings for whether users are able to log into the | |
129 | machine or not.</para> | |
130 | ||
131 | <para>To override this behavior and permit any domain account | |
132 | to log in, use the following command.</para> | |
133 | ||
134 | <informalexample> | |
135 | <screen> | |
136 | $ <command>realm permit --realm domain.example.com --all</command> | |
137 | </screen> | |
138 | </informalexample> | |
139 | ||
140 | <para>To permit only specific accounts from the domain to log in | |
141 | use the following command. The first time this command is run | |
142 | it will change the mode to only allow logins by specific accounts, | |
143 | and then add the specified accounts to the list of accounts | |
144 | to permit.</para> | |
145 | ||
146 | <informalexample> | |
147 | <screen> | |
148 | $ <command>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</command> | |
149 | </screen> | |
150 | </informalexample> | |
151 | ||
152 | <para>To deny logins from any domain account, use the following | |
153 | command.</para> | |
154 | ||
155 | <informalexample> | |
156 | <screen> | |
157 | $ <command>realm deny --realm domain.example.com --all</command> | |
158 | </screen> | |
159 | </informalexample> | |
160 | ||
161 | </section> | |
162 | ||
163 | </chapter> |
35 | 35 | <filename>/etc/realmd.conf</filename>. This file does not exist by |
36 | 36 | default. The syntax of this file is the same as an INI file or |
37 | 37 | Desktop Entry file.</para> |
38 | ||
39 | <para>In general, settings in this file only apply at the point of | |
40 | joining a domain or realm. Once the realm has been setup the settings | |
41 | have no effect. You may choose to configure | |
42 | <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink> or | |
43 | <ulink url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html">Winbind</ulink> | |
44 | directly.</para> | |
38 | 45 | |
39 | 46 | <para>Only specify the settings you wish to override in the |
40 | 47 | <filename>/etc/realmd.conf</filename> file. Settings not specified will |
139 | 146 | are placed in the computer account <option>operatingSystem</option> and |
140 | 147 | <option>operatingSystemVersion</option> attributes.</para> |
141 | 148 | |
149 | <para>This is an Active Directory specific option.</para> | |
150 | ||
142 | 151 | <informalexample> |
143 | 152 | <programlisting language="js"> |
144 | 153 | [active-directory] |
205 | 214 | </informalexample> |
206 | 215 | |
207 | 216 | <para>The default setting for this is <option>/home/%D/%U</option>. The |
208 | <option>%D</option> format is replaced by the domain name. In the case of | |
209 | Active Directory this is the short domain name. The <option>%U</option> | |
217 | <option>%D</option> format is replaced by the domain name. The <option>%U</option> | |
210 | 218 | format is replaced by the user name.</para> |
211 | 219 | |
212 | 220 | <para>You can verify the home directory for a user by running the |
219 | 227 | </screen> |
220 | 228 | </informalexample> |
221 | 229 | |
230 | <para>Note that in the case of IPA domains, most users already have a | |
231 | home directory configured in the domain. Therefore this configuration | |
232 | setting may rarely show through.</para> | |
222 | 233 | </listitem> |
223 | 234 | </varlistentry> |
224 | 235 | |
252 | 263 | </screen> |
253 | 264 | </informalexample> |
254 | 265 | |
266 | <para>Note that in the case of IPA domains, most users already have a | |
267 | shell configured in the domain. Therefore this configuration setting | |
268 | may rarely show through.</para> | |
255 | 269 | </listitem> |
256 | 270 | </varlistentry> |
257 | 271 | |
331 | 345 | directory (as-per RFC2307) rather than automatically generating |
332 | 346 | UID and GID numbers.</para> |
333 | 347 | |
348 | <para>This option only makes sense for Active Directory | |
349 | realms.</para> | |
350 | ||
334 | 351 | <informalexample> |
335 | 352 | <programlisting> |
336 | 353 | [domain.example.com] |
354 | 371 | [domain.example.com] |
355 | 372 | manage-system = no |
356 | 373 | # manage-system = yes |
357 | </programlisting> | |
358 | </informalexample> | |
374 | ||
375 | </programlisting> | |
376 | </informalexample> | |
377 | ||
378 | <para>When this option is turned on <command>realmd</command> | |
379 | defaults to using domain policy to control who can log into | |
380 | this machine. Further adjustments to login policy can be made | |
381 | with the <command>realm permit</command> command.</para> | |
359 | 382 | </listitem> |
360 | 383 | </varlistentry> |
361 | 384 |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
13 | 13 | |
14 | 14 | @SET_MAKE@ |
15 | 15 | VPATH = @srcdir@ |
16 | am__make_dryrun = \ | |
17 | { \ | |
18 | am__dry=no; \ | |
16 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
17 | am__make_running_with_option = \ | |
18 | case $${target_option-} in \ | |
19 | ?) ;; \ | |
20 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
21 | "target option '$${target_option-}' specified" >&2; \ | |
22 | exit 1;; \ | |
23 | esac; \ | |
24 | has_opt=no; \ | |
25 | sane_makeflags=$$MAKEFLAGS; \ | |
26 | if $(am__is_gnu_make); then \ | |
27 | sane_makeflags=$$MFLAGS; \ | |
28 | else \ | |
19 | 29 | case $$MAKEFLAGS in \ |
20 | 30 | *\\[\ \ ]*) \ |
21 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
22 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
23 | *) \ | |
24 | for am__flg in $$MAKEFLAGS; do \ | |
25 | case $$am__flg in \ | |
26 | *=*|--*) ;; \ | |
27 | *n*) am__dry=yes; break;; \ | |
28 | esac; \ | |
29 | done;; \ | |
31 | bs=\\; \ | |
32 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
33 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
30 | 34 | esac; \ |
31 | test $$am__dry = yes; \ | |
32 | } | |
35 | fi; \ | |
36 | skip_next=no; \ | |
37 | strip_trailopt () \ | |
38 | { \ | |
39 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
40 | }; \ | |
41 | for flg in $$sane_makeflags; do \ | |
42 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
43 | case $$flg in \ | |
44 | *=*|--*) continue;; \ | |
45 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
46 | -*I?*) strip_trailopt 'I';; \ | |
47 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
48 | -*O?*) strip_trailopt 'O';; \ | |
49 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
50 | -*l?*) strip_trailopt 'l';; \ | |
51 | -[dEDm]) skip_next=yes;; \ | |
52 | -[JT]) skip_next=yes;; \ | |
53 | esac; \ | |
54 | case $$flg in \ | |
55 | *$$target_option*) has_opt=yes; break;; \ | |
56 | esac; \ | |
57 | done; \ | |
58 | test $$has_opt = yes | |
59 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
60 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
33 | 61 | pkgdatadir = $(datadir)/@PACKAGE@ |
34 | 62 | pkgincludedir = $(includedir)/@PACKAGE@ |
35 | 63 | pkglibdir = $(libdir)/@PACKAGE@ |
68 | 68 | -DSYSCONF_DIR="\"$(sysconfdir)\"" \ |
69 | 69 | -DPROVIDER_DIR="\"$(privatedir)/provider.d\"" \ |
70 | 70 | -DLOCALEDIR=\""$(datadir)/locale"\" \ |
71 | -DSTATE_DIR="\"$(localstatedir)/realmd\"" \ | |
71 | -DSTATE_DIR="\"$(localstatedir)/lib/realmd\"" \ | |
72 | 72 | -DCACHEDIR="\"$(cachedir)\"" \ |
73 | 73 | $(PACKAGEKIT_CFLAGS) \ |
74 | 74 | $(POLKIT_CFLAGS) \ |
91 | 91 | # Install and uninstall the config for this distro |
92 | 92 | install-data-local: |
93 | 93 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(privatedir) |
94 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/realmd | |
94 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/lib/realmd | |
95 | 95 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(cachedir) |
96 | 96 | $(INSTALL_DATA) $(srcdir)/realmd-$(DISTRO).conf $(DESTDIR)$(privatedir)/realmd-distro.conf |
97 | 97 | uninstall-local: |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
15 | 15 | |
16 | 16 | |
17 | 17 | VPATH = @srcdir@ |
18 | am__make_dryrun = \ | |
19 | { \ | |
20 | am__dry=no; \ | |
18 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
19 | am__make_running_with_option = \ | |
20 | case $${target_option-} in \ | |
21 | ?) ;; \ | |
22 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
23 | "target option '$${target_option-}' specified" >&2; \ | |
24 | exit 1;; \ | |
25 | esac; \ | |
26 | has_opt=no; \ | |
27 | sane_makeflags=$$MAKEFLAGS; \ | |
28 | if $(am__is_gnu_make); then \ | |
29 | sane_makeflags=$$MFLAGS; \ | |
30 | else \ | |
21 | 31 | case $$MAKEFLAGS in \ |
22 | 32 | *\\[\ \ ]*) \ |
23 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
24 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
25 | *) \ | |
26 | for am__flg in $$MAKEFLAGS; do \ | |
27 | case $$am__flg in \ | |
28 | *=*|--*) ;; \ | |
29 | *n*) am__dry=yes; break;; \ | |
30 | esac; \ | |
31 | done;; \ | |
33 | bs=\\; \ | |
34 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
35 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
32 | 36 | esac; \ |
33 | test $$am__dry = yes; \ | |
34 | } | |
37 | fi; \ | |
38 | skip_next=no; \ | |
39 | strip_trailopt () \ | |
40 | { \ | |
41 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
42 | }; \ | |
43 | for flg in $$sane_makeflags; do \ | |
44 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
45 | case $$flg in \ | |
46 | *=*|--*) continue;; \ | |
47 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
48 | -*I?*) strip_trailopt 'I';; \ | |
49 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
50 | -*O?*) strip_trailopt 'O';; \ | |
51 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
52 | -*l?*) strip_trailopt 'l';; \ | |
53 | -[dEDm]) skip_next=yes;; \ | |
54 | -[JT]) skip_next=yes;; \ | |
55 | esac; \ | |
56 | case $$flg in \ | |
57 | *$$target_option*) has_opt=yes; break;; \ | |
58 | esac; \ | |
59 | done; \ | |
60 | test $$has_opt = yes | |
61 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
62 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
35 | 63 | pkgdatadir = $(datadir)/@PACKAGE@ |
36 | 64 | pkgincludedir = $(includedir)/@PACKAGE@ |
37 | 65 | pkglibdir = $(libdir)/@PACKAGE@ |
429 | 457 | -DSYSCONF_DIR="\"$(sysconfdir)\"" \ |
430 | 458 | -DPROVIDER_DIR="\"$(privatedir)/provider.d\"" \ |
431 | 459 | -DLOCALEDIR=\""$(datadir)/locale"\" \ |
432 | -DSTATE_DIR="\"$(localstatedir)/realmd\"" \ | |
460 | -DSTATE_DIR="\"$(localstatedir)/lib/realmd\"" \ | |
433 | 461 | -DCACHEDIR="\"$(cachedir)\"" \ |
434 | 462 | $(PACKAGEKIT_CFLAGS) \ |
435 | 463 | $(POLKIT_CFLAGS) \ |
545 | 573 | |
546 | 574 | clean-privatePROGRAMS: |
547 | 575 | -test -z "$(private_PROGRAMS)" || rm -f $(private_PROGRAMS) |
576 | ||
548 | 577 | realmd$(EXEEXT): $(realmd_OBJECTS) $(realmd_DEPENDENCIES) $(EXTRA_realmd_DEPENDENCIES) |
549 | 578 | @rm -f realmd$(EXEEXT) |
550 | 579 | $(AM_V_CCLD)$(realmd_LINK) $(realmd_OBJECTS) $(realmd_LDADD) $(LIBS) |
1459 | 1488 | # Install and uninstall the config for this distro |
1460 | 1489 | install-data-local: |
1461 | 1490 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(privatedir) |
1462 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/realmd | |
1491 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/lib/realmd | |
1463 | 1492 | $(INSTALL_PROGRAM) -d $(DESTDIR)$(cachedir) |
1464 | 1493 | $(INSTALL_DATA) $(srcdir)/realmd-$(DISTRO).conf $(DESTDIR)$(privatedir)/realmd-distro.conf |
1465 | 1494 | uninstall-local: |
72 | 72 | gpointer user_data) |
73 | 73 | { |
74 | 74 | gchar *environ[] = { "LANG=C", NULL }; |
75 | GInetAddress *address; | |
75 | 76 | const gchar *computer_ou; |
76 | 77 | EggTask *task; |
77 | 78 | GBytes *input = NULL; |
80 | 81 | const gchar *os; |
81 | 82 | gchar *ccache_arg = NULL; |
82 | 83 | gchar *upn_arg = NULL; |
84 | gchar *server_arg = NULL; | |
83 | 85 | |
84 | 86 | g_return_if_fail (cred != NULL); |
85 | 87 | g_return_if_fail (disco != NULL); |
97 | 99 | g_ptr_array_add (args, "--domain-realm"); |
98 | 100 | g_ptr_array_add (args, (gpointer)disco->kerberos_realm); |
99 | 101 | |
100 | if (disco->explicit_server) { | |
102 | if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) { | |
103 | address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address)); | |
104 | server_arg = g_inet_address_to_string (address); | |
105 | if (server_arg) { | |
106 | g_ptr_array_add (args, "--domain-controller"); | |
107 | g_ptr_array_add (args, server_arg); | |
108 | } | |
109 | ||
110 | } else if (disco->explicit_server) { | |
101 | 111 | g_ptr_array_add (args, "--domain-controller"); |
102 | 112 | g_ptr_array_add (args, (gpointer)disco->explicit_server); |
103 | 113 | } |
172 | 182 | |
173 | 183 | free (ccache_arg); |
174 | 184 | free (upn_arg); |
185 | free (server_arg); | |
175 | 186 | } |
176 | 187 | |
177 | 188 | gboolean |
181 | 192 | g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE); |
182 | 193 | return egg_task_propagate_boolean (EGG_TASK (result), error); |
183 | 194 | } |
195 | ||
196 | void | |
197 | realm_adcli_enroll_delete_async (RealmDisco *disco, | |
198 | RealmCredential *cred, | |
199 | GVariant *options, | |
200 | GDBusMethodInvocation *invocation, | |
201 | GAsyncReadyCallback callback, | |
202 | gpointer user_data) | |
203 | { | |
204 | gchar *environ[] = { "LANG=C", NULL }; | |
205 | GInetAddress *address; | |
206 | EggTask *task; | |
207 | GBytes *input = NULL; | |
208 | GPtrArray *args; | |
209 | gchar *ccache_arg = NULL; | |
210 | gchar *server_arg = NULL; | |
211 | ||
212 | g_return_if_fail (cred != NULL); | |
213 | g_return_if_fail (disco != NULL); | |
214 | g_return_if_fail (invocation != NULL); | |
215 | ||
216 | task = egg_task_new (NULL, NULL, callback, user_data); | |
217 | args = g_ptr_array_new (); | |
218 | ||
219 | /* Use our custom smb.conf */ | |
220 | g_ptr_array_add (args, (gpointer)realm_settings_path ("adcli")); | |
221 | g_ptr_array_add (args, "delete-computer"); | |
222 | g_ptr_array_add (args, "--verbose"); | |
223 | g_ptr_array_add (args, "--domain"); | |
224 | g_ptr_array_add (args, (gpointer)disco->domain_name); | |
225 | g_ptr_array_add (args, "--domain-realm"); | |
226 | g_ptr_array_add (args, (gpointer)disco->kerberos_realm); | |
227 | ||
228 | if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) { | |
229 | address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address)); | |
230 | server_arg = g_inet_address_to_string (address); | |
231 | if (server_arg) { | |
232 | g_ptr_array_add (args, "--domain-controller"); | |
233 | g_ptr_array_add (args, server_arg); | |
234 | } | |
235 | ||
236 | } else if (disco->explicit_server) { | |
237 | g_ptr_array_add (args, "--domain-controller"); | |
238 | g_ptr_array_add (args, (gpointer)disco->explicit_server); | |
239 | } | |
240 | ||
241 | switch (cred->type) { | |
242 | case REALM_CREDENTIAL_AUTOMATIC: | |
243 | case REALM_CREDENTIAL_SECRET: | |
244 | g_return_if_reached (); | |
245 | break; | |
246 | case REALM_CREDENTIAL_CCACHE: | |
247 | ccache_arg = g_strdup_printf ("--login-ccache=%s", cred->x.ccache.file); | |
248 | g_ptr_array_add (args, ccache_arg); | |
249 | break; | |
250 | case REALM_CREDENTIAL_PASSWORD: | |
251 | input = g_bytes_ref (cred->x.password.value); | |
252 | g_ptr_array_add (args, "--login-user"); | |
253 | g_ptr_array_add (args, cred->x.password.name); | |
254 | g_ptr_array_add (args, "--stdin-password"); | |
255 | break; | |
256 | } | |
257 | ||
258 | g_ptr_array_add (args, NULL); | |
259 | ||
260 | realm_command_runv_async ((gchar **)args->pdata, environ, input, | |
261 | invocation, on_join_process, | |
262 | g_object_ref (task)); | |
263 | ||
264 | g_ptr_array_free (args, TRUE); | |
265 | g_object_unref (task); | |
266 | ||
267 | if (input) | |
268 | g_bytes_unref (input); | |
269 | ||
270 | free (ccache_arg); | |
271 | g_free (server_arg); | |
272 | } | |
273 | ||
274 | gboolean | |
275 | realm_adcli_enroll_delete_finish (GAsyncResult *result, | |
276 | GError **error) | |
277 | { | |
278 | g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE); | |
279 | return egg_task_propagate_boolean (EGG_TASK (result), error); | |
280 | } |
35 | 35 | gboolean realm_adcli_enroll_join_finish (GAsyncResult *result, |
36 | 36 | GError **error); |
37 | 37 | |
38 | void realm_adcli_enroll_delete_async (RealmDisco *disco, | |
39 | RealmCredential *cred, | |
40 | GVariant *options, | |
41 | GDBusMethodInvocation *invocation, | |
42 | GAsyncReadyCallback callback, | |
43 | gpointer user_data); | |
44 | ||
45 | gboolean realm_adcli_enroll_delete_finish (GAsyncResult *result, | |
46 | GError **error); | |
47 | ||
38 | 48 | G_END_DECLS |
39 | 49 | |
40 | 50 | #endif /* __REALM_ADCLI_ENROLL_H__ */ |
24 | 24 | |
25 | 25 | typedef struct { |
26 | 26 | gchar *explicit_server; |
27 | GSocketAddress *address; | |
27 | 28 | GSource *source; |
28 | 29 | gint count; |
29 | 30 | gint fever_id; |
39 | 40 | Closure *clo = data; |
40 | 41 | |
41 | 42 | g_free (clo->explicit_server); |
43 | g_object_unref (clo->address); | |
42 | 44 | if (clo->fever_id) |
43 | 45 | g_source_remove (clo->fever_id); |
44 | 46 | if (clo->normal_id) |
243 | 245 | case LDAP_RES_SEARCH_RESULT: |
244 | 246 | g_debug ("Received response"); |
245 | 247 | disco = realm_disco_new (NULL); |
248 | disco->server_address = g_object_ref (clo->address); | |
246 | 249 | if (realm_disco_mscldap_result (ldap, message, disco, &error)) { |
247 | 250 | disco->explicit_server = g_strdup (clo->explicit_server); |
248 | 251 | egg_task_return_pointer (task, disco, realm_disco_unref); |
285 | 288 | task = egg_task_new (NULL, cancellable, callback, user_data); |
286 | 289 | clo = g_new0 (Closure, 1); |
287 | 290 | clo->explicit_server = g_strdup (explicit_server); |
291 | clo->address = g_object_ref (address); | |
288 | 292 | egg_task_set_task_data (task, clo, closure_free); |
289 | 293 | |
290 | 294 | if (protocol == G_SOCKET_PROTOCOL_UDP && |
29 | 29 | struct _Closure { |
30 | 30 | RealmDisco *disco; |
31 | 31 | GSource *source; |
32 | GSocketAddress *address; | |
33 | 32 | GDBusMethodInvocation *invocation; |
34 | 33 | |
35 | 34 | gchar *default_naming_context; |
54 | 53 | |
55 | 54 | g_source_destroy (clo->source); |
56 | 55 | g_source_unref (clo->source); |
57 | g_object_unref (clo->address); | |
58 | 56 | g_clear_object (&clo->invocation); |
59 | 57 | realm_disco_unref (clo->disco); |
60 | 58 | g_free (clo); |
193 | 191 | bvs = ldap_get_values_len (ldap, entry, "info"); |
194 | 192 | if (bvs && bvs[0] && bvs[0]->bv_len >= 3) { |
195 | 193 | if (g_ascii_strncasecmp (bvs[0]->bv_val, "IPA", 3) == 0) |
196 | clo->disco->server_software = REALM_DBUS_IDENTIFIER_FREEIPA; | |
194 | clo->disco->server_software = REALM_DBUS_IDENTIFIER_IPA; | |
197 | 195 | } |
198 | 196 | ldap_value_free_len (bvs); |
199 | 197 | |
323 | 321 | |
324 | 322 | /* Prior to Windows 2003 we have to use UDP for netlogon lookup */ |
325 | 323 | } else { |
326 | inet = G_INET_SOCKET_ADDRESS (clo->address); | |
324 | inet = G_INET_SOCKET_ADDRESS (clo->disco->server_address); | |
327 | 325 | string = g_inet_address_to_string (g_inet_socket_address_get_address (inet)); |
328 | 326 | realm_diagnostics_info (clo->invocation, "Sending MS-CLDAP ping to: %s", string); |
329 | 327 | g_free (string); |
330 | 328 | |
331 | realm_disco_mscldap_async (clo->address, G_SOCKET_PROTOCOL_UDP, | |
329 | realm_disco_mscldap_async (clo->disco->server_address, G_SOCKET_PROTOCOL_UDP, | |
332 | 330 | clo->disco->explicit_server, egg_task_get_cancellable (task), |
333 | 331 | on_udp_mscldap_complete, g_object_ref (task)); |
334 | 332 | |
435 | 433 | clo = g_new0 (Closure, 1); |
436 | 434 | clo->disco = realm_disco_new (NULL); |
437 | 435 | clo->disco->explicit_server = g_strdup (explicit_server); |
438 | clo->address = g_object_ref (address); | |
436 | clo->disco->server_address = g_object_ref (address); | |
437 | ||
439 | 438 | clo->invocation = invocation ? g_object_ref (invocation) : NULL; |
440 | 439 | clo->request = request_root_dse; |
441 | 440 | egg_task_set_task_data (task, clo, closure_free); |
60 | 60 | g_free (disco->explicit_server); |
61 | 61 | g_free (disco->kerberos_realm); |
62 | 62 | g_free (disco->workgroup); |
63 | if (disco->server_address) | |
64 | g_object_unref (disco->server_address); | |
63 | 65 | g_free (disco); |
64 | 66 | } |
65 | 67 | } |
16 | 16 | |
17 | 17 | #include <glib.h> |
18 | 18 | #include <glib-object.h> |
19 | #include <gio/gio.h> | |
19 | 20 | |
20 | 21 | G_BEGIN_DECLS |
21 | 22 | |
26 | 27 | gchar *kerberos_realm; |
27 | 28 | gchar *workgroup; |
28 | 29 | gchar *explicit_server; |
30 | GSocketAddress *server_address; | |
29 | 31 | } RealmDisco; |
30 | 32 | |
31 | 33 | #define REALM_TYPE_DISCO (realm_disco_get_type ()) |
879 | 879 | return parse_config_line_value (self, line->bytes); |
880 | 880 | } |
881 | 881 | |
882 | gboolean | |
883 | realm_ini_config_have (RealmIniConfig *self, | |
884 | const gchar *section, | |
885 | const gchar *name) | |
886 | { | |
887 | ConfigSection *sect; | |
888 | ConfigLine *line; | |
889 | ||
890 | g_return_val_if_fail (REALM_IS_INI_CONFIG (self), FALSE); | |
891 | g_return_val_if_fail (section != NULL, FALSE); | |
892 | g_return_val_if_fail (name != NULL, FALSE); | |
893 | ||
894 | sect = g_hash_table_lookup (self->sections, section); | |
895 | if (sect == NULL) | |
896 | return FALSE; | |
897 | ||
898 | line = g_hash_table_lookup (sect->parameters, name); | |
899 | if (line == NULL) | |
900 | return FALSE; | |
901 | ||
902 | return TRUE; | |
903 | } | |
904 | ||
882 | 905 | GHashTable * |
883 | 906 | realm_ini_config_get_all (RealmIniConfig *self, |
884 | 907 | const gchar *section) |
1045 | 1068 | } |
1046 | 1069 | |
1047 | 1070 | gboolean |
1071 | realm_ini_config_get_boolean (RealmIniConfig *config, | |
1072 | const gchar *section, | |
1073 | const gchar *name, | |
1074 | gboolean defahlt) | |
1075 | { | |
1076 | gboolean ret; | |
1077 | gchar *value; | |
1078 | ||
1079 | g_return_val_if_fail (REALM_IS_INI_CONFIG (config), FALSE); | |
1080 | g_return_val_if_fail (section != NULL, FALSE); | |
1081 | g_return_val_if_fail (name != NULL, FALSE); | |
1082 | ||
1083 | value = realm_ini_config_get (config, section, name); | |
1084 | if (value == NULL) { | |
1085 | ret = defahlt; | |
1086 | } else if (g_ascii_strcasecmp (value, "true") == 0) { | |
1087 | ret = TRUE; | |
1088 | } else if (g_ascii_strcasecmp (value, "false") == 0) { | |
1089 | ret = FALSE; | |
1090 | } else if (config->flags & REALM_INI_STRICT_BOOLEAN) { | |
1091 | g_warning ("Invalid %s boolean value for %s field: %s", | |
1092 | value, config->filename ? config->filename : "", name); | |
1093 | ret = defahlt; | |
1094 | } else if (g_ascii_strcasecmp (value, "1") == 0 || | |
1095 | g_ascii_strcasecmp (value, "yes") == 0) { | |
1096 | ret = TRUE; | |
1097 | } else if (g_ascii_strcasecmp (value, "0") == 0 || | |
1098 | g_ascii_strcasecmp (value, "no") == 0) { | |
1099 | ret = FALSE; | |
1100 | } else { | |
1101 | g_warning ("Invalid %s boolean value for %s field: %s", | |
1102 | value, config->filename ? config->filename : "", name); | |
1103 | ret = defahlt; | |
1104 | } | |
1105 | ||
1106 | g_free (value); | |
1107 | return ret; | |
1108 | } | |
1109 | ||
1110 | gboolean | |
1048 | 1111 | realm_ini_config_have_section (RealmIniConfig *self, |
1049 | 1112 | const gchar *section) |
1050 | 1113 | { |
23 | 23 | REALM_INI_LINE_CONTINUATIONS = 1 << 1, |
24 | 24 | REALM_INI_NO_WATCH = 1 << 2, |
25 | 25 | REALM_INI_PRIVATE = 1 << 3, |
26 | REALM_INI_STRICT_BOOLEAN = 1 << 4, | |
26 | 27 | } RealmIniFlags; |
27 | 28 | |
28 | 29 | #define REALM_TYPE_INI_CONFIG (realm_ini_config_get_type ()) |
84 | 85 | const gchar *section, |
85 | 86 | const gchar *name); |
86 | 87 | |
88 | gboolean realm_ini_config_have (RealmIniConfig *self, | |
89 | const gchar *section, | |
90 | const gchar *name); | |
91 | ||
87 | 92 | gchar ** realm_ini_config_get_list (RealmIniConfig *self, |
88 | 93 | const gchar *section, |
89 | 94 | const gchar *name, |
108 | 113 | void realm_ini_config_set_all (RealmIniConfig *self, |
109 | 114 | const gchar *section, |
110 | 115 | GHashTable *parameters); |
116 | ||
117 | gboolean realm_ini_config_get_boolean (RealmIniConfig *config, | |
118 | const gchar *section, | |
119 | const gchar *name, | |
120 | gboolean defahlt); | |
111 | 121 | |
112 | 122 | gchar ** realm_ini_config_get_sections (RealmIniConfig *self); |
113 | 123 |
697 | 697 | RealmDisco * |
698 | 698 | realm_kerberos_get_disco (RealmKerberos *self) |
699 | 699 | { |
700 | RealmKerberosClass *klass; | |
701 | RealmDisco *disco; | |
702 | ||
700 | 703 | g_return_val_if_fail (REALM_IS_KERBEROS (self), NULL); |
704 | ||
701 | 705 | if (!self->pv->disco) { |
702 | self->pv->disco = realm_disco_new (realm_kerberos_get_name (self)); | |
703 | self->pv->disco->kerberos_realm = g_strdup (realm_kerberos_get_realm_name (self)); | |
704 | } | |
706 | disco = realm_disco_new (NULL); | |
707 | if (!disco->domain_name) | |
708 | disco->domain_name = g_strdup (realm_kerberos_get_domain_name (self)); | |
709 | if (!disco->kerberos_realm) | |
710 | disco->kerberos_realm = g_strdup (realm_kerberos_get_realm_name (self)); | |
711 | klass = REALM_KERBEROS_GET_CLASS (self); | |
712 | if (klass->discover_myself) | |
713 | (klass->discover_myself) (self, disco); | |
714 | self->pv->disco = disco; | |
715 | } | |
716 | ||
705 | 717 | return self->pv->disco; |
706 | 718 | } |
707 | 719 | |
798 | 810 | { |
799 | 811 | g_return_if_fail (REALM_IS_KERBEROS (self)); |
800 | 812 | realm_dbus_kerberos_set_realm_name (self->pv->kerberos_iface, value); |
813 | } | |
814 | ||
815 | const gchar * | |
816 | realm_kerberos_get_domain_name (RealmKerberos *self) | |
817 | { | |
818 | g_return_val_if_fail (REALM_IS_KERBEROS (self), NULL); | |
819 | return realm_dbus_kerberos_get_domain_name (self->pv->kerberos_iface); | |
801 | 820 | } |
802 | 821 | |
803 | 822 | void |
65 | 65 | GAsyncResult *result, |
66 | 66 | GError **error); |
67 | 67 | |
68 | void (* discover_myself) (RealmKerberos *realm, | |
69 | RealmDisco *disco); | |
68 | 70 | }; |
69 | 71 | |
70 | 72 | GType realm_kerberos_get_type (void) G_GNUC_CONST; |
91 | 93 | |
92 | 94 | void realm_kerberos_set_realm_name (RealmKerberos *self, |
93 | 95 | const gchar *value); |
96 | ||
97 | const gchar * realm_kerberos_get_domain_name (RealmKerberos *self); | |
94 | 98 | |
95 | 99 | void realm_kerberos_set_domain_name (RealmKerberos *self, |
96 | 100 | const gchar *value); |
225 | 225 | } |
226 | 226 | |
227 | 227 | if (error == NULL) { |
228 | missing = package_names_to_list (names); | |
228 | 229 | if (package_ids == NULL || *package_ids == NULL) { |
229 | 230 | egg_task_return_boolean (task, TRUE); |
230 | 231 | |
231 | 232 | } else if (!install->automatic) { |
232 | missing = package_names_to_list (names); | |
233 | 233 | g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED, |
234 | 234 | _("Necessary packages are not installed: %s"), missing); |
235 | g_free (missing); | |
236 | 235 | |
237 | 236 | } else { |
237 | /* String should match that in realm-client.c */ | |
238 | realm_diagnostics_info (install->invocation, "%s: %s", | |
239 | _("Installing necessary packages"), missing); | |
238 | 240 | cancellable = realm_invocation_get_cancellable (install->invocation); |
239 | 241 | pk_task_install_packages_async (install->task, package_ids, cancellable, |
240 | 242 | on_install_progress, install, |
241 | 243 | on_install_installed, g_object_ref (task)); |
242 | 244 | } |
245 | ||
246 | g_free (missing); | |
243 | 247 | } |
244 | 248 | |
245 | 249 | if (error != NULL) { |
489 | 489 | g_return_val_if_fail (client_software != NULL, FALSE); |
490 | 490 | |
491 | 491 | if (g_variant_lookup (options, REALM_DBUS_OPTION_SERVER_SOFTWARE, "&s", &string)) { |
492 | if (g_str_equal (string, REALM_DBUS_IDENTIFIER_FREEIPA)) | |
493 | string = REALM_DBUS_IDENTIFIER_IPA; | |
492 | 494 | if (!g_str_equal (server_software, string)) |
493 | 495 | return FALSE; |
494 | 496 | } |
76 | 76 | GAsyncReadyCallback callback, |
77 | 77 | gpointer user_data) |
78 | 78 | { |
79 | RealmIniConfig *pwc; | |
79 | 80 | EggTask *task; |
80 | 81 | GError *error = NULL; |
81 | 82 | |
117 | 118 | realm_ini_config_finish_change (config, &error); |
118 | 119 | } |
119 | 120 | |
121 | /* Setup pam_winbind.conf with decent defaults matching our expectations */ | |
122 | if (error == NULL) { | |
123 | pwc = realm_ini_config_new (REALM_INI_NO_WATCH); | |
124 | realm_ini_config_set_filename (pwc, realm_settings_path ("pam_winbind.conf")); | |
125 | realm_ini_config_change (pwc, "global", &error, | |
126 | "krb5_auth", "yes", | |
127 | "krb5_ccache_type", "FILE", | |
128 | "cached_login", "yes", | |
129 | NULL); | |
130 | g_object_unref (pwc); | |
131 | } | |
132 | ||
120 | 133 | if (error == NULL) { |
121 | 134 | realm_service_enable_and_restart ("winbind", invocation, |
122 | 135 | on_enable_do_nss, g_object_ref (task)); |
660 | 660 | static const RealmCredential join_supported[] = { |
661 | 661 | { REALM_CREDENTIAL_PASSWORD, REALM_CREDENTIAL_OWNER_ADMIN }, |
662 | 662 | { REALM_CREDENTIAL_PASSWORD, REALM_CREDENTIAL_OWNER_USER }, |
663 | { REALM_CREDENTIAL_CCACHE, REALM_CREDENTIAL_OWNER_ADMIN }, | |
663 | 664 | { 0, }, |
664 | 665 | }; |
665 | 666 |
156 | 156 | configure_sssd_for_domain (RealmIniConfig *config, |
157 | 157 | RealmDisco *disco, |
158 | 158 | GVariant *options, |
159 | gboolean use_adcli, | |
159 | 160 | GError **error) |
160 | 161 | { |
162 | GString *realmd_tags; | |
161 | 163 | const gchar *access_provider; |
162 | const gchar *realmd_tags; | |
164 | const gchar *shell; | |
163 | 165 | gboolean qualify; |
164 | 166 | gboolean ret; |
165 | 167 | gchar *section; |
167 | 169 | |
168 | 170 | home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home")); |
169 | 171 | qualify = realm_options_qualify_names (disco->domain_name); |
170 | realmd_tags = realm_options_manage_system (options, disco->domain_name) ? "manages-system" : ""; | |
172 | shell = realm_settings_string ("users", "default-shell"); | |
173 | ||
174 | realmd_tags = g_string_new (""); | |
175 | if (realm_options_manage_system (options, disco->domain_name)) | |
176 | g_string_append (realmd_tags, "manages-system "); | |
177 | g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba "); | |
171 | 178 | |
172 | 179 | ret = realm_sssd_config_add_domain (config, disco->domain_name, error, |
173 | 180 | "cache_credentials", "True", |
179 | 186 | "krb5_realm", disco->kerberos_realm, |
180 | 187 | "krb5_store_password_if_offline", "True", |
181 | 188 | "ldap_id_mapping", realm_options_automatic_mapping (disco->domain_name) ? "True" : "False", |
182 | "realmd_tags", realmd_tags, | |
189 | "realmd_tags", realmd_tags->str, | |
183 | 190 | |
184 | 191 | "fallback_homedir", home, |
192 | "default_shell", shell, | |
185 | 193 | disco->explicit_server ? "ad_server" : NULL, disco->explicit_server, |
186 | 194 | NULL); |
195 | ||
196 | g_string_free (realmd_tags, TRUE); | |
187 | 197 | |
188 | 198 | if (ret) { |
189 | 199 | if (realm_options_manage_system (options, disco->domain_name)) |
225 | 235 | |
226 | 236 | if (error == NULL) { |
227 | 237 | configure_sssd_for_domain (realm_sssd_get_config (sssd), join->disco, |
228 | join->options, &error); | |
238 | join->options, join->use_adcli, &error); | |
229 | 239 | } |
230 | 240 | |
231 | 241 | if (error == NULL) { |
408 | 418 | typedef struct { |
409 | 419 | GDBusMethodInvocation *invocation; |
410 | 420 | gchar *realm_name; |
421 | gboolean use_adcli; | |
411 | 422 | } LeaveClosure; |
412 | 423 | |
413 | 424 | static void |
430 | 441 | GError *error = NULL; |
431 | 442 | |
432 | 443 | /* We don't care if we can leave or not, just continue with other steps */ |
433 | realm_samba_enroll_leave_finish (result, &error); | |
444 | if (leave->use_adcli) | |
445 | realm_adcli_enroll_delete_finish (result, &error); | |
446 | else | |
447 | realm_samba_enroll_leave_finish (result, &error); | |
448 | ||
434 | 449 | if (error != NULL) { |
435 | 450 | realm_diagnostics_error (leave->invocation, error, NULL); |
436 | 451 | g_error_free (error); |
451 | 466 | { |
452 | 467 | RealmSssdAd *self = REALM_SSSD_AD (membership); |
453 | 468 | RealmKerberos *realm = REALM_KERBEROS (self); |
469 | RealmSssd *sssd = REALM_SSSD (self); | |
470 | const gchar *section; | |
454 | 471 | EggTask *task; |
455 | 472 | LeaveClosure *leave; |
473 | gchar *tags; | |
456 | 474 | |
457 | 475 | task = egg_task_new (self, NULL, callback, user_data); |
458 | 476 | |
459 | 477 | /* Check that enrolled in this realm */ |
460 | if (!realm_sssd_get_config_section (REALM_SSSD (self))) { | |
478 | section = realm_sssd_get_config_section (sssd); | |
479 | if (!section) { | |
461 | 480 | egg_task_return_new_error (task, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED, |
462 | 481 | _("Not currently joined to this domain")); |
463 | 482 | g_object_unref (task); |
464 | 483 | return; |
465 | 484 | } |
485 | ||
486 | tags = realm_ini_config_get (realm_sssd_get_config (sssd), section, "realmd_tags"); | |
466 | 487 | |
467 | 488 | switch (cred->type) { |
468 | 489 | case REALM_CREDENTIAL_AUTOMATIC: |
473 | 494 | leave = g_new0 (LeaveClosure, 1); |
474 | 495 | leave->realm_name = g_strdup (realm_kerberos_get_realm_name (realm)); |
475 | 496 | leave->invocation = g_object_ref (invocation); |
497 | leave->use_adcli = strstr (tags ? tags : "", "joined-with-adcli") ? TRUE : FALSE; | |
476 | 498 | egg_task_set_task_data (task, leave, leave_closure_free); |
477 | realm_samba_enroll_leave_async (realm_kerberos_get_disco (realm), cred, options, invocation, | |
478 | on_leave_do_deconfigure, g_object_ref (task)); | |
499 | if (leave->use_adcli) { | |
500 | realm_adcli_enroll_delete_async (realm_kerberos_get_disco (realm), | |
501 | cred, options, invocation, | |
502 | on_leave_do_deconfigure, g_object_ref (task)); | |
503 | } else { | |
504 | realm_samba_enroll_leave_async (realm_kerberos_get_disco (realm), | |
505 | cred, options, invocation, | |
506 | on_leave_do_deconfigure, g_object_ref (task)); | |
507 | } | |
479 | 508 | break; |
480 | 509 | default: |
481 | 510 | g_return_if_reached (); |
482 | 511 | } |
483 | 512 | |
513 | g_free (tags); | |
484 | 514 | g_object_unref (task); |
485 | 515 | } |
486 | 516 | |
492 | 522 | return egg_task_propagate_boolean (EGG_TASK (result), error); |
493 | 523 | } |
494 | 524 | |
525 | static void | |
526 | realm_sssd_ad_discover_myself (RealmKerberos *realm, | |
527 | RealmDisco *disco) | |
528 | { | |
529 | RealmSssd *sssd = REALM_SSSD (realm); | |
530 | gchar *explicit_server; | |
531 | ||
532 | explicit_server = realm_ini_config_get (realm_sssd_get_config (sssd), | |
533 | realm_sssd_get_config_section (sssd), | |
534 | "ad_server"); | |
535 | ||
536 | g_free (disco->explicit_server); | |
537 | disco->explicit_server = explicit_server; | |
538 | } | |
539 | ||
495 | 540 | void |
496 | 541 | realm_sssd_ad_class_init (RealmSssdAdClass *klass) |
497 | 542 | { |
498 | 543 | GObjectClass *object_class = G_OBJECT_CLASS (klass); |
544 | RealmKerberosClass *kerberos_class = REALM_KERBEROS_CLASS (klass); | |
499 | 545 | RealmSssdClass *sssd_class = REALM_SSSD_CLASS (klass); |
500 | 546 | |
501 | 547 | object_class->constructed = realm_sssd_ad_constructed; |
502 | 548 | |
503 | 549 | /* The provider in sssd.conf relevant to this realm type */ |
504 | 550 | sssd_class->sssd_conf_provider_name = "ad"; |
551 | ||
552 | kerberos_class->discover_myself = realm_sssd_ad_discover_myself; | |
505 | 553 | } |
506 | 554 | |
507 | 555 | static void |
30 | 30 | const gchar *filename; |
31 | 31 | GError *err = NULL; |
32 | 32 | |
33 | config = realm_ini_config_new (flags | REALM_INI_PRIVATE); | |
33 | config = realm_ini_config_new (flags | REALM_INI_PRIVATE | REALM_INI_STRICT_BOOLEAN); | |
34 | 34 | |
35 | 35 | filename = realm_settings_path ("sssd.conf"); |
36 | 36 | realm_ini_config_read_file (config, filename, &err); |
105 | 105 | GHashTable *parameters; |
106 | 106 | const gchar *name; |
107 | 107 | const gchar *value; |
108 | gchar *shell; | |
109 | ||
110 | /* Always make sure this is set */ | |
111 | shell = realm_ini_config_get (config, "nss", "default_shell"); | |
112 | if (shell == NULL) { | |
113 | realm_ini_config_set (config, "nss", "default_shell", | |
114 | realm_settings_string ("users", "default-shell"), NULL); | |
115 | } | |
116 | g_free (shell); | |
117 | 108 | |
118 | 109 | parameters = g_hash_table_new (g_str_hash, g_str_equal); |
119 | 110 | while ((name = va_arg (va, const gchar *)) != NULL) { |
156 | 147 | } |
157 | 148 | |
158 | 149 | /* Setup a default sssd section */ |
159 | if (!realm_ini_config_have_section (config, "sssd")) { | |
160 | realm_ini_config_set (config, "sssd", | |
161 | "services", "nss, pam", | |
162 | "config_file_version", "2", | |
163 | NULL); | |
164 | } | |
150 | if (!realm_ini_config_have (config, "section", "services")) | |
151 | realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL); | |
152 | if (!realm_ini_config_have (config, "sssd", "config_file_version")) | |
153 | realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL); | |
165 | 154 | |
166 | 155 | domains[0] = domain; |
167 | 156 | domains[1] = NULL; |
44 | 44 | } RealmSssdIpaClass; |
45 | 45 | |
46 | 46 | static const gchar *IPA_PACKAGES[] = { |
47 | REALM_DBUS_IDENTIFIER_FREEIPA, | |
47 | REALM_DBUS_IDENTIFIER_IPA, | |
48 | 48 | REALM_DBUS_IDENTIFIER_SSSD, |
49 | 49 | NULL |
50 | 50 | }; |
69 | 69 | G_OBJECT_CLASS (realm_sssd_ipa_parent_class)->constructed (obj); |
70 | 70 | |
71 | 71 | realm_kerberos_set_details (kerberos, |
72 | REALM_DBUS_OPTION_SERVER_SOFTWARE, REALM_DBUS_IDENTIFIER_FREEIPA, | |
72 | REALM_DBUS_OPTION_SERVER_SOFTWARE, REALM_DBUS_IDENTIFIER_IPA, | |
73 | 73 | REALM_DBUS_OPTION_CLIENT_SOFTWARE, REALM_DBUS_IDENTIFIER_SSSD, |
74 | 74 | NULL); |
75 | 75 | |
165 | 165 | GString *output = NULL; |
166 | 166 | RealmIniConfig *config; |
167 | 167 | const gchar *domain; |
168 | const gchar *shell; | |
168 | 169 | gchar *section; |
169 | 170 | gchar *home; |
170 | 171 | gint status; |
190 | 191 | |
191 | 192 | domain = realm_kerberos_get_name (realm); |
192 | 193 | config = realm_sssd_get_config (sssd); |
194 | shell = realm_settings_string ("users", "default-shell"); | |
193 | 195 | |
194 | 196 | if (error == NULL) { |
195 | 197 | home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home")); |
199 | 201 | "cache_credentials", "True", |
200 | 202 | "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False", |
201 | 203 | "krb5_store_password_if_offline", "True", |
204 | "default_shell", shell, | |
202 | 205 | "fallback_homedir", home, |
203 | 206 | "realmd_tags", realmd_tags, |
204 | 207 | NULL); |
308 | 311 | _("The computer-ou argument is not supported when joining an IPA domain.")); |
309 | 312 | |
310 | 313 | } else if (g_variant_lookup (options, REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, "&s", &software) && |
311 | !g_str_equal (software, REALM_DBUS_IDENTIFIER_FREEIPA)) { | |
314 | !g_str_equal (software, REALM_DBUS_IDENTIFIER_FREEIPA) && | |
315 | !g_str_equal (software, REALM_DBUS_IDENTIFIER_IPA)) { | |
312 | 316 | egg_task_return_new_error (task, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, |
313 | 317 | _("Unsupported or unknown membership software '%s'"), software); |
314 | 318 | |
333 | 337 | push_arg (argv, "--mkhomedir"); |
334 | 338 | push_arg (argv, "--enable-dns-updates"); |
335 | 339 | push_arg (argv, "--unattended"); |
340 | push_arg (argv, "--force-join"); | |
336 | 341 | |
337 | 342 | /* If the caller specified a server directly */ |
338 | 343 | if (disco->explicit_server) { |
132 | 132 | !realm_provider_match_software (options, |
133 | 133 | REALM_DBUS_IDENTIFIER_FREEIPA, |
134 | 134 | REALM_DBUS_IDENTIFIER_SSSD, |
135 | REALM_DBUS_IDENTIFIER_FREEIPA)) { | |
135 | REALM_DBUS_IDENTIFIER_FREEIPA) && | |
136 | !realm_provider_match_software (options, | |
137 | REALM_DBUS_IDENTIFIER_IPA, | |
138 | REALM_DBUS_IDENTIFIER_SSSD, | |
139 | REALM_DBUS_IDENTIFIER_IPA)) { | |
136 | 140 | egg_task_return_pointer (task, NULL, NULL); |
137 | 141 | |
138 | 142 | } else { |
171 | 175 | disco->domain_name, disco); |
172 | 176 | priority = realm_provider_is_default (REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY, REALM_DBUS_IDENTIFIER_SSSD) ? 100 : 50; |
173 | 177 | |
174 | } else if (g_str_equal (disco->server_software, REALM_DBUS_IDENTIFIER_FREEIPA)) { | |
178 | } else if (g_str_equal (disco->server_software, REALM_DBUS_IDENTIFIER_IPA)) { | |
175 | 179 | realm = realm_provider_lookup_or_register_realm (provider, |
176 | 180 | REALM_TYPE_SSSD_IPA, |
177 | 181 | disco->domain_name, disco); |
250 | 250 | realm_kerberos_set_manages_system (REALM_KERBEROS (self), manages_system); |
251 | 251 | } |
252 | 252 | |
253 | static void | |
254 | update_realm_name (RealmSssd *self) | |
253 | static gchar * | |
254 | calc_realm_name (RealmSssd *self) | |
255 | 255 | { |
256 | 256 | RealmKerberos *kerberos = REALM_KERBEROS (self); |
257 | 257 | const char *name; |
271 | 271 | realm = name ? g_ascii_strup (name, -1) : NULL; |
272 | 272 | } |
273 | 273 | |
274 | realm_kerberos_set_realm_name (kerberos, realm); | |
274 | return realm; | |
275 | } | |
276 | ||
277 | static void | |
278 | update_realm_name (RealmSssd *self) | |
279 | { | |
280 | gchar *realm = calc_realm_name (self); | |
281 | realm_kerberos_set_realm_name (REALM_KERBEROS (self), realm); | |
275 | 282 | g_free (realm); |
276 | 283 | } |
277 | 284 | |
278 | static void | |
279 | update_domain (RealmSssd *self) | |
285 | static gchar * | |
286 | calc_domain (RealmSssd *self) | |
280 | 287 | { |
281 | 288 | RealmKerberos *kerberos = REALM_KERBEROS (self); |
282 | 289 | const char *name; |
296 | 303 | domain = name ? g_ascii_strdown (name, -1) : NULL; |
297 | 304 | } |
298 | 305 | |
299 | realm_kerberos_set_domain_name (kerberos, domain); | |
306 | return domain; | |
307 | } | |
308 | ||
309 | static void | |
310 | update_domain (RealmSssd *self) | |
311 | { | |
312 | gchar *domain = calc_domain (self); | |
313 | realm_kerberos_set_domain_name (REALM_KERBEROS (self), domain); | |
300 | 314 | g_free (domain); |
301 | 315 | } |
302 | 316 | |
332 | 346 | RealmKerberos *kerberos = REALM_KERBEROS (self); |
333 | 347 | gchar *login_formats[2] = { NULL, NULL }; |
334 | 348 | gchar *format = NULL; |
349 | gboolean qualify; | |
335 | 350 | |
336 | 351 | if (self->pv->section == NULL) { |
352 | realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats); | |
353 | return; | |
354 | } | |
355 | ||
356 | qualify = realm_ini_config_get_boolean (self->pv->config, self->pv->section, | |
357 | "use_fully_qualified_names", FALSE); | |
358 | ||
359 | if (!qualify) { | |
360 | login_formats[0] = "%U"; | |
337 | 361 | realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats); |
338 | 362 | return; |
339 | 363 | } |
9 | 9 | sssd.conf = /etc/sssd/sssd.conf |
10 | 10 | adcli = /usr/sbin/adcli |
11 | 11 | ipa-client-install = /usr/sbin/ipa-client-install |
12 | pam_winbind.conf = /etc/security/pam_winbind.conf | |
12 | 13 | |
13 | 14 | [active-directory] |
14 | 15 | default-client = sssd |
7 | 7 | [winbind-packages] |
8 | 8 | samba-winbind = /usr/sbin/winbindd |
9 | 9 | samba-winbind-clients = /usr/bin/wbinfo |
10 | oddjob = /usr/sbin/oddjobd | |
11 | oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir | |
10 | 12 | |
11 | 13 | [sssd-packages] |
12 | 14 | sssd = /usr/sbin/sssd |
15 | oddjob = /usr/sbin/oddjobd | |
16 | oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir | |
13 | 17 | |
14 | 18 | [adcli-packages] |
15 | 19 | adcli = /usr/sbin/adcli |
16 | 20 | |
17 | [freeipa-packages] | |
21 | [ipa-packages] | |
18 | 22 | freeipa-client = /usr/sbin/ipa-client-install |
19 | 23 | |
20 | 24 | [commands] |
21 | # HACK: Hack around authconfig bug: https://bugzilla.redhat.com/show_bug.cgi?id=964971 | |
22 | 25 | winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service" |
23 | 26 | winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart |
24 | 27 | winbind-enable-service = /usr/bin/systemctl enable winbind.service |
26 | 29 | winbind-restart-service = /usr/bin/systemctl restart winbind.service |
27 | 30 | winbind-stop-service = /usr/bin/systemctl stop winbind.service |
28 | 31 | |
29 | # HACK: Hack around oddjobd bug: https://bugzilla.redhat.com/show_bug.cgi?id=964971 | |
30 | 32 | sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service" |
31 | 33 | sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart |
32 | 34 | sssd-enable-service = /usr/bin/systemctl enable sssd.service |
14 | 14 | [adcli-packages] |
15 | 15 | adcli = /usr/sbin/adcli |
16 | 16 | |
17 | [freeipa-packages] | |
17 | [ipa-packages] | |
18 | 18 | freeipa-client = /usr/sbin/ipa-client-install |
19 | 19 | |
20 | 20 | [commands] |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
14 | 14 | @SET_MAKE@ |
15 | 15 | |
16 | 16 | VPATH = @srcdir@ |
17 | am__make_dryrun = \ | |
18 | { \ | |
19 | am__dry=no; \ | |
17 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
18 | am__make_running_with_option = \ | |
19 | case $${target_option-} in \ | |
20 | ?) ;; \ | |
21 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
22 | "target option '$${target_option-}' specified" >&2; \ | |
23 | exit 1;; \ | |
24 | esac; \ | |
25 | has_opt=no; \ | |
26 | sane_makeflags=$$MAKEFLAGS; \ | |
27 | if $(am__is_gnu_make); then \ | |
28 | sane_makeflags=$$MFLAGS; \ | |
29 | else \ | |
20 | 30 | case $$MAKEFLAGS in \ |
21 | 31 | *\\[\ \ ]*) \ |
22 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
23 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
24 | *) \ | |
25 | for am__flg in $$MAKEFLAGS; do \ | |
26 | case $$am__flg in \ | |
27 | *=*|--*) ;; \ | |
28 | *n*) am__dry=yes; break;; \ | |
29 | esac; \ | |
30 | done;; \ | |
32 | bs=\\; \ | |
33 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
34 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
31 | 35 | esac; \ |
32 | test $$am__dry = yes; \ | |
33 | } | |
36 | fi; \ | |
37 | skip_next=no; \ | |
38 | strip_trailopt () \ | |
39 | { \ | |
40 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
41 | }; \ | |
42 | for flg in $$sane_makeflags; do \ | |
43 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
44 | case $$flg in \ | |
45 | *=*|--*) continue;; \ | |
46 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
47 | -*I?*) strip_trailopt 'I';; \ | |
48 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
49 | -*O?*) strip_trailopt 'O';; \ | |
50 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
51 | -*l?*) strip_trailopt 'l';; \ | |
52 | -[dEDm]) skip_next=yes;; \ | |
53 | -[JT]) skip_next=yes;; \ | |
54 | esac; \ | |
55 | case $$flg in \ | |
56 | *$$target_option*) has_opt=yes; break;; \ | |
57 | esac; \ | |
58 | done; \ | |
59 | test $$has_opt = yes | |
60 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
61 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
34 | 62 | pkgdatadir = $(datadir)/@PACKAGE@ |
35 | 63 | pkgincludedir = $(includedir)/@PACKAGE@ |
36 | 64 | pkglibdir = $(libdir)/@PACKAGE@ |
453 | 481 | |
454 | 482 | clean-noinstPROGRAMS: |
455 | 483 | -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) |
484 | ||
456 | 485 | frob-install-packages$(EXEEXT): $(frob_install_packages_OBJECTS) $(frob_install_packages_DEPENDENCIES) $(EXTRA_frob_install_packages_DEPENDENCIES) |
457 | 486 | @rm -f frob-install-packages$(EXEEXT) |
458 | 487 | $(AM_V_CCLD)$(frob_install_packages_LINK) $(frob_install_packages_OBJECTS) $(frob_install_packages_LDADD) $(LIBS) |
488 | ||
459 | 489 | test-ini-config$(EXEEXT): $(test_ini_config_OBJECTS) $(test_ini_config_DEPENDENCIES) $(EXTRA_test_ini_config_DEPENDENCIES) |
460 | 490 | @rm -f test-ini-config$(EXEEXT) |
461 | 491 | $(AM_V_CCLD)$(LINK) $(test_ini_config_OBJECTS) $(test_ini_config_LDADD) $(LIBS) |
492 | ||
462 | 493 | test-login-name$(EXEEXT): $(test_login_name_OBJECTS) $(test_login_name_DEPENDENCIES) $(EXTRA_test_login_name_DEPENDENCIES) |
463 | 494 | @rm -f test-login-name$(EXEEXT) |
464 | 495 | $(AM_V_CCLD)$(LINK) $(test_login_name_OBJECTS) $(test_login_name_LDADD) $(LIBS) |
496 | ||
465 | 497 | test-samba-ou-format$(EXEEXT): $(test_samba_ou_format_OBJECTS) $(test_samba_ou_format_DEPENDENCIES) $(EXTRA_test_samba_ou_format_DEPENDENCIES) |
466 | 498 | @rm -f test-samba-ou-format$(EXEEXT) |
467 | 499 | $(AM_V_CCLD)$(LINK) $(test_samba_ou_format_OBJECTS) $(test_samba_ou_format_LDADD) $(LIBS) |
500 | ||
468 | 501 | test-settings$(EXEEXT): $(test_settings_OBJECTS) $(test_settings_DEPENDENCIES) $(EXTRA_test_settings_DEPENDENCIES) |
469 | 502 | @rm -f test-settings$(EXEEXT) |
470 | 503 | $(AM_V_CCLD)$(LINK) $(test_settings_OBJECTS) $(test_settings_LDADD) $(LIBS) |
504 | ||
471 | 505 | test-sssd-config$(EXEEXT): $(test_sssd_config_OBJECTS) $(test_sssd_config_DEPENDENCIES) $(EXTRA_test_sssd_config_DEPENDENCIES) |
472 | 506 | @rm -f test-sssd-config$(EXEEXT) |
473 | 507 | $(AM_V_CCLD)$(LINK) $(test_sssd_config_OBJECTS) $(test_sssd_config_LDADD) $(LIBS) |
344 | 344 | } |
345 | 345 | |
346 | 346 | static void |
347 | test_have (Test *test, | |
348 | gconstpointer unused) | |
349 | { | |
350 | const gchar *data = "[section]\n\t1= one\r\n2=two\n3=three"; | |
351 | realm_ini_config_read_string (test->config, data); | |
352 | ||
353 | g_assert_cmpint (realm_ini_config_have (test->config, "section", "1"), ==, TRUE); | |
354 | g_assert_cmpint (realm_ini_config_have (test->config, "section", "not there"), ==, FALSE); | |
355 | g_assert_cmpint (realm_ini_config_have (test->config, "invalid", "2"), ==, FALSE); | |
356 | } | |
357 | ||
358 | static void | |
347 | 359 | test_set_section (Test *test, |
348 | 360 | gconstpointer unused) |
349 | 361 | { |
632 | 644 | g_free (output); |
633 | 645 | } |
634 | 646 | |
647 | static void | |
648 | test_get_boolean (void) | |
649 | { | |
650 | RealmIniConfig *config; | |
651 | ||
652 | config = realm_ini_config_new (0); | |
653 | ||
654 | realm_ini_config_read_string (config, "[section]\nboolean = true"); | |
655 | g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE)); | |
656 | ||
657 | realm_ini_config_read_string (config, "[section]\nboolean = FalSE"); | |
658 | g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE)); | |
659 | ||
660 | realm_ini_config_read_string (config, "[section]\nboolean = false"); | |
661 | g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE)); | |
662 | ||
663 | realm_ini_config_read_string (config, "[section]\nboolean = false"); | |
664 | g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "non-existant", TRUE)); | |
665 | ||
666 | realm_ini_config_read_string (config, "[section]\nboolean = false"); | |
667 | g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "non-existant", TRUE)); | |
668 | ||
669 | realm_ini_config_read_string (config, "[section]\nboolean = yes"); | |
670 | g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE)); | |
671 | ||
672 | realm_ini_config_read_string (config, "[section]\nboolean = no"); | |
673 | g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE)); | |
674 | ||
675 | realm_ini_config_read_string (config, "[section]\nboolean = 1"); | |
676 | g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE)); | |
677 | ||
678 | realm_ini_config_read_string (config, "[section]\nboolean = 0"); | |
679 | g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE)); | |
680 | ||
681 | g_object_unref (config); | |
682 | } | |
683 | ||
635 | 684 | int |
636 | 685 | main (int argc, |
637 | 686 | char **argv) |
652 | 701 | g_test_add ("/realmd/ini-config/write-exact", Test, NULL, setup, test_write_exact, teardown); |
653 | 702 | g_test_add ("/realmd/ini-config/write-file", Test, NULL, setup, test_write_file, teardown); |
654 | 703 | g_test_add ("/realmd/ini-config/write-empty-no-create", Test, NULL, setup, test_write_empty_no_create, teardown); |
704 | ||
705 | g_test_add ("/realmd/ini-config/have", Test, NULL, setup, test_have, teardown); | |
655 | 706 | |
656 | 707 | g_test_add ("/realmd/ini-config/set", Test, NULL, setup, test_set, teardown); |
657 | 708 | g_test_add ("/realmd/ini-config/set-middle", Test, NULL, setup, test_set_middle, teardown); |
677 | 728 | g_test_add ("/realmd/ini-config/change-list-null-add", Test, NULL, setup, test_change_list_null_add, teardown); |
678 | 729 | g_test_add ("/realmd/ini-config/change-list-null-remove", Test, NULL, setup, test_change_list_null_remove, teardown); |
679 | 730 | |
731 | g_test_add_func ("/realmd/ini-config/get-boolean", test_get_boolean); | |
732 | ||
680 | 733 | return g_test_run (); |
681 | 734 | } |
89 | 89 | gconstpointer unused) |
90 | 90 | { |
91 | 91 | const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one"; |
92 | const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n"; | |
92 | const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n"; | |
93 | 93 | GError *error = NULL; |
94 | 94 | gchar *output; |
95 | 95 | gboolean ret; |
139 | 139 | test_add_domain_only (Test *test, |
140 | 140 | gconstpointer unused) |
141 | 141 | { |
142 | const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n"; | |
142 | const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n"; | |
143 | 143 | GError *error = NULL; |
144 | 144 | gchar *output; |
145 | 145 | gboolean ret; |
167 | 167 | gconstpointer unused) |
168 | 168 | { |
169 | 169 | const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one"; |
170 | const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one\n\n[nss]\ndefault_shell = /bin/bash\n"; | |
170 | const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one"; | |
171 | 171 | GError *error = NULL; |
172 | 172 | gchar *output; |
173 | 173 | gboolean ret; |
304 | 304 | test_remove_and_add_domain (Test *test, |
305 | 305 | gconstpointer unused) |
306 | 306 | { |
307 | const gchar *data = "[domain/one]\nval = 1\n\n[nss]\ndefault_shell = /bin/bash\n\n[sssd]\ndomains = one, two\n\n[domain/two]\nval = 2\n"; | |
307 | const gchar *data = "[domain/one]\nval = 1\n\n[nss]\ndefault_shell = /bin/bash\n\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\nval = 2\n"; | |
308 | 308 | GError *error = NULL; |
309 | 309 | gchar *output; |
310 | 310 | gboolean ret; |
0 | # Makefile.in generated by automake 1.13.1 from Makefile.am. | |
0 | # Makefile.in generated by automake 1.13.4 from Makefile.am. | |
1 | 1 | # @configure_input@ |
2 | 2 | |
3 | # Copyright (C) 1994-2012 Free Software Foundation, Inc. | |
3 | # Copyright (C) 1994-2013 Free Software Foundation, Inc. | |
4 | 4 | |
5 | 5 | # This Makefile.in is free software; the Free Software Foundation |
6 | 6 | # gives unlimited permission to copy and/or distribute it, |
14 | 14 | @SET_MAKE@ |
15 | 15 | |
16 | 16 | VPATH = @srcdir@ |
17 | am__make_dryrun = \ | |
18 | { \ | |
19 | am__dry=no; \ | |
17 | am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' | |
18 | am__make_running_with_option = \ | |
19 | case $${target_option-} in \ | |
20 | ?) ;; \ | |
21 | *) echo "am__make_running_with_option: internal error: invalid" \ | |
22 | "target option '$${target_option-}' specified" >&2; \ | |
23 | exit 1;; \ | |
24 | esac; \ | |
25 | has_opt=no; \ | |
26 | sane_makeflags=$$MAKEFLAGS; \ | |
27 | if $(am__is_gnu_make); then \ | |
28 | sane_makeflags=$$MFLAGS; \ | |
29 | else \ | |
20 | 30 | case $$MAKEFLAGS in \ |
21 | 31 | *\\[\ \ ]*) \ |
22 | echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | |
23 | | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ | |
24 | *) \ | |
25 | for am__flg in $$MAKEFLAGS; do \ | |
26 | case $$am__flg in \ | |
27 | *=*|--*) ;; \ | |
28 | *n*) am__dry=yes; break;; \ | |
29 | esac; \ | |
30 | done;; \ | |
32 | bs=\\; \ | |
33 | sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | |
34 | | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ | |
31 | 35 | esac; \ |
32 | test $$am__dry = yes; \ | |
33 | } | |
36 | fi; \ | |
37 | skip_next=no; \ | |
38 | strip_trailopt () \ | |
39 | { \ | |
40 | flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ | |
41 | }; \ | |
42 | for flg in $$sane_makeflags; do \ | |
43 | test $$skip_next = yes && { skip_next=no; continue; }; \ | |
44 | case $$flg in \ | |
45 | *=*|--*) continue;; \ | |
46 | -*I) strip_trailopt 'I'; skip_next=yes;; \ | |
47 | -*I?*) strip_trailopt 'I';; \ | |
48 | -*O) strip_trailopt 'O'; skip_next=yes;; \ | |
49 | -*O?*) strip_trailopt 'O';; \ | |
50 | -*l) strip_trailopt 'l'; skip_next=yes;; \ | |
51 | -*l?*) strip_trailopt 'l';; \ | |
52 | -[dEDm]) skip_next=yes;; \ | |
53 | -[JT]) skip_next=yes;; \ | |
54 | esac; \ | |
55 | case $$flg in \ | |
56 | *$$target_option*) has_opt=yes; break;; \ | |
57 | esac; \ | |
58 | done; \ | |
59 | test $$has_opt = yes | |
60 | am__make_dryrun = (target_option=n; $(am__make_running_with_option)) | |
61 | am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) | |
34 | 62 | pkgdatadir = $(datadir)/@PACKAGE@ |
35 | 63 | pkgincludedir = $(includedir)/@PACKAGE@ |
36 | 64 | pkglibdir = $(libdir)/@PACKAGE@ |
407 | 435 | |
408 | 436 | clean-sbinPROGRAMS: |
409 | 437 | -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) |
438 | ||
410 | 439 | realm$(EXEEXT): $(realm_OBJECTS) $(realm_DEPENDENCIES) $(EXTRA_realm_DEPENDENCIES) |
411 | 440 | @rm -f realm$(EXEEXT) |
412 | 441 | $(AM_V_CCLD)$(LINK) $(realm_OBJECTS) $(realm_LDADD) $(LIBS) |
127 | 127 | GVariant *parameters, |
128 | 128 | gpointer user_data) |
129 | 129 | { |
130 | gboolean verbose = GPOINTER_TO_INT (user_data); | |
130 | 131 | const gchar *operation_id; |
131 | 132 | const gchar *data; |
132 | 133 | |
133 | 134 | g_variant_get (parameters, "(&s&s)", &data, &operation_id); |
134 | g_printerr ("%s", data); | |
135 | ||
136 | /* | |
137 | * Various people have been worried by installing packages | |
138 | * quietly, so notify about what's going on. | |
139 | * | |
140 | * In reality *configuring* and *starting* a daemon is far | |
141 | * more worrisome than the installation. It's realmd's job | |
142 | * to configure, enable and start stuff. So if you're properly | |
143 | * worried, remove realmd and do stuff manually. | |
144 | */ | |
145 | if (verbose || strstr (data, _("Installing necessary packages"))) | |
146 | g_printerr ("%s", data); | |
135 | 147 | } |
136 | 148 | |
137 | 149 | static gboolean |
166 | 178 | if (bus_name == NULL) |
167 | 179 | flags |= G_DBUS_SIGNAL_FLAGS_NO_MATCH_RULE; |
168 | 180 | |
169 | if (verbose) { | |
170 | g_dbus_connection_signal_subscribe (connection, bus_name, | |
171 | REALM_DBUS_SERVICE_INTERFACE, | |
172 | REALM_DBUS_DIAGNOSTICS_SIGNAL, | |
173 | REALM_DBUS_SERVICE_PATH, | |
174 | NULL, flags, | |
175 | on_diagnostics_signal, NULL, NULL); | |
176 | } | |
181 | g_dbus_connection_signal_subscribe (connection, bus_name, | |
182 | REALM_DBUS_SERVICE_INTERFACE, | |
183 | REALM_DBUS_DIAGNOSTICS_SIGNAL, | |
184 | REALM_DBUS_SERVICE_PATH, | |
185 | NULL, flags, | |
186 | on_diagnostics_signal, | |
187 | GINT_TO_POINTER (verbose), NULL); | |
177 | 188 | |
178 | 189 | provider = realm_dbus_provider_proxy_new_sync (connection, |
179 | 190 | G_DBUS_PROXY_FLAGS_NONE, |
767 | 778 | return result; |
768 | 779 | } |
769 | 780 | |
781 | static gchar * | |
782 | prompt_stdin (const gchar *prompt) | |
783 | { | |
784 | static const gsize pass_max = 8192; | |
785 | gchar *password; | |
786 | gsize len; | |
787 | ||
788 | g_printf ("%s", prompt); | |
789 | fflush (stdout); | |
790 | ||
791 | password = malloc (pass_max); | |
792 | if (!fgets (password, pass_max, stdin)) { | |
793 | free (password); | |
794 | password = NULL; | |
795 | } | |
796 | ||
797 | g_printf ("\n"); | |
798 | ||
799 | len = strlen (password); | |
800 | if (len > 0 && password[len - 1] == '\n') | |
801 | password[len - 1] = '\0'; | |
802 | ||
803 | return password; | |
804 | } | |
805 | ||
770 | 806 | static GVariant * |
771 | 807 | build_password_credential (const gchar *user_name, |
772 | 808 | const gchar *credential_owner, |
774 | 810 | { |
775 | 811 | const gchar *password; |
776 | 812 | GVariant *result; |
813 | gchar *alloced; | |
777 | 814 | gchar *prompt; |
815 | int istty; | |
816 | ||
817 | istty = isatty (0); | |
818 | ||
819 | if (istty && realm_unattended) { | |
820 | g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, | |
821 | _("Cannot prompt for a password when running in unattended mode")); | |
822 | return NULL; | |
823 | } | |
778 | 824 | |
779 | 825 | prompt = g_strdup_printf (_("Password for %s: "), user_name); |
780 | password = getpass (prompt); | |
826 | ||
827 | /* | |
828 | * Yeah, getpass is obselete. Have fun trying to recreate it even | |
829 | * semi-portably. | |
830 | */ | |
831 | if (istty) { | |
832 | password = getpass (prompt); | |
833 | alloced = NULL; | |
834 | } else { | |
835 | alloced = prompt_stdin (prompt); | |
836 | password = alloced; | |
837 | } | |
838 | ||
781 | 839 | g_free (prompt); |
782 | 840 | |
783 | 841 | if (password == NULL) { |
791 | 849 | |
792 | 850 | if (password) |
793 | 851 | memset ((char *)password, 0, strlen (password)); |
852 | free (alloced); | |
794 | 853 | |
795 | 854 | return result; |
796 | 855 | } |
282 | 282 | ret = 2; |
283 | 283 | |
284 | 284 | } else if (argc > 2) { |
285 | g_printerr ("%s: %s\n", _("Specify one realm to join"), g_get_prgname ()); | |
285 | g_printerr ("%s: %s\n", g_get_prgname (), _("Specify one realm to join")); | |
286 | 286 | ret = 2; |
287 | 287 | |
288 | 288 | } else if (args.no_password && (args.one_time_password || args.user)) { |
289 | g_printerr ("%s: %s\n", | |
290 | _("The --no-password argument cannot be used with --one-time-password or --user"), | |
291 | g_get_prgname ()); | |
289 | g_printerr ("%s: %s\n", g_get_prgname (), | |
290 | _("The --no-password argument cannot be used with --one-time-password or --user")); | |
292 | 291 | ret = 2; |
293 | 292 | |
294 | 293 | } else if (args.one_time_password && args.user) { |
295 | g_printerr ("%s: %s\n", | |
296 | _("The --one-time-password argument cannot be used with --user"), | |
297 | g_get_prgname ()); | |
294 | g_printerr ("%s: %s\n", g_get_prgname (), | |
295 | _("The --one-time-password argument cannot be used with --user")); | |
298 | 296 | ret = 2; |
299 | 297 | |
300 | 298 | } else { |
29 | 29 | static gchar *arg_install = NULL; |
30 | 30 | gboolean realm_verbose = FALSE; |
31 | 31 | gboolean realm_cancelled = FALSE; |
32 | gboolean realm_unattended = FALSE; | |
32 | 33 | gchar *realm_operation_id = NULL; |
33 | 34 | |
34 | 35 | struct { |
189 | 190 | GOptionEntry realm_global_options[] = { |
190 | 191 | { "install", 'i', 0, G_OPTION_ARG_STRING, &arg_install, N_("Install mode to a specific prefix"), NULL }, |
191 | 192 | { "verbose", 'v', 0, G_OPTION_ARG_NONE, &realm_verbose, N_("Verbose output"), NULL }, |
193 | { "unattended", 0, 0, G_OPTION_ARG_NONE, &realm_unattended, N_("Do not prompt for input"), NULL }, | |
192 | 194 | { NULL, } |
193 | 195 | }; |
194 | 196 |