authorSergey Poznyakoff <gray@gnu.org.ua>2014-05-21 13:16:36 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2014-05-21 13:21:04 +0300
commit3e9c3f3c3b9edce9e3821f11be27350cae33b288 (patch)
tree42ed9005d45ed65dc0d02dbe8b3b5bf5e06c3cce
parent66dcf254f5446419428ae95e5de28752b82f1e23 (diff)
Fix docs.
* doc/Makefile.am (check-ldaphome-config): Take into account gray_env_get_bool (see 7636fa3e). * doc/pam-modules.texi: Update; final check. * NEWS: Update.
-rw-r--r--NEWS17
-rw-r--r--doc/Makefile.am2
-rw-r--r--doc/pam-modules.texi95
3 files changed, 78 insertions, 36 deletions
diff --git a/NEWS b/NEWS
index 1d0b2d9..fd74ce3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,2 +1,2 @@
-pam-modules -- history of user-visible changes. 2014-05-20
+pam-modules -- history of user-visible changes. 2014-05-21
Copyright (C) 2001, 2004-2005, 2007-2012, 2014 Sergey Poznyakoff
@@ -22,2 +22,17 @@ when used as inirc-command, initializes the user's .gitconfig file.
+* New auxiliary utilities
+
+** ldappubkey
+
+The `ldappubkey' utility is a simple Perl program which takes user
+login name as its argument and produces on the standard output public
+ssh keys for that user, each on a separate line. The program is
+designed for use with `openssh' version 6.2p1 or higher.
+
+** usergitconfig
+
+Customizes user's `.gitconfig' file using attributes from his LDAP
+entry. This utility can be used with the initrc-command statement
+in pam_ldaphome.conf file.
+
* Bugfixes
diff --git a/doc/Makefile.am b/doc/Makefile.am
index e792390..5daae7a 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -105,3 +105,3 @@ check-ldaphome-config:
@$(CHECK_DOCS) 'pam_ldaphome configuration keywords' \
- 's/.*gray_env_get(.[^,]*, *"\(.[^"]*\)".*/\1/p;s/.*get_intval(.[^,]*, *"\(.[^"]*\)".*/\1/p' \
+ 's/.*gray_env_get(.[^,]*, *"\(.[^"]*\)".*/\1/p;s/.*gray_env_get_bool(.[^,]*, *"\(.[^"]*\)".*/\1/p;s/.*get_intval(.[^,]*, *"\(.[^"]*\)".*/\1/p' \
's/@deffn *{pam_ldaphome config} *\([a-zA-Z_][a-zA-Z0-9_-]*\) .*/\1/p' \
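Review bot: The first sed script in check-ldaphome-config has to name every accessor that reads a configuration keyword, and nothing in the rule says so. Judging by the commit message, keywords read through `gray_env_get_bool` were not seen by the check until this change, so a documentation gap for a keyword could pass unnoticed. A comment above the rule would keep the next accessor from being missed, for example `# The first sed script must list every function that looks up a pam_ldaphome config keyword.` The three substitutions differ only in the function name, so they could also be built from a short list of names instead of being repeated on one long line. The rule starts before and continues after this hunk.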
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 8d9a1c8..506ec33 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -123,2 +123,21 @@ SQL Authentication and Session Management.
+pam_ldaphome
+
+* ldaphome example::
+* ldappubkey::
+* usergitconfig::
+
+Example of pam_ldaphome configuration
+
+* 5.x:: Openssh versions prior to 6.2p1.
+* 6.2p1:: Openssh versions 6.2p1 and newer.
+
+pam_umotd
+
+* summary of pam_umotd options::
+
+pam_groupmember
+
+* summary of pam_groupmember options::
+
@end detailmenu
@@ -1166,3 +1185,3 @@ file}. The following keywords are defined:
-@deffn {pam_ldaphome config} allow-home-dir path
+@deffn {pam_ldaphome config} allow-home-dir @var{path}
If present, this option controls where @command{pam_ldaphome} should
@@ -1173,3 +1192,3 @@ if the directory part of its name is listed in @var{path}.
-@deffn {pam_ldaphome config} skel dir
+@deffn {pam_ldaphome config} skel @var{dir}
Supplies the name of a @dfn{skeleton directory}. The contents of this
@@ -1179,3 +1198,3 @@ file modes and permissions are preserved.
-@deffn {pam_ldaphome config} uri arg
+@deffn {pam_ldaphome config} uri @var{arg}
Sets the URI of the LDAP server to consult for the user profile.
@@ -1188,3 +1207,3 @@ uri ldap://127.0.0.1/
-@deffn {pam_ldaphome config} ldap-version v
+@deffn {pam_ldaphome config} ldap-version @var{v}
Sets the LDAP version to use. Valid values for @var{v} are @samp{2}
@@ -1193,3 +1212,3 @@ and @samp{3} (the default).
-@deffn {pam_ldaphome config} base searchbase
+@deffn {pam_ldaphome config} base @var{searchbase}
Use @var{searchbase} as the starting point for the search instead of
@@ -1202,3 +1221,3 @@ base dc=gnu,dc=org,dc=ua
-@deffn {pam_ldaphome config} binddn dn
+@deffn {pam_ldaphome config} binddn @var{dn}
Use the Distinguished Name @var{dn} to bind to the LDAP directory.
@@ -1211,3 +1230,3 @@ binddn cn=Manager,dc=gnu,dc=org,dc=ua
-@deffn {pam_ldaphome config} bindpw password
+@deffn {pam_ldaphome config} bindpw @var{password}
If @code{binddn} statement is used, this statement supplies the
@@ -1216,3 +1235,3 @@ password for simple authentication.
-@deffn {pam_ldaphome config} bindpwfile file
+@deffn {pam_ldaphome config} bindpwfile @var{file}
Read password for simple authentication from @var{file}.
@@ -1220,3 +1239,3 @@ Read password for simple authentication from @var{file}.
-@deffn {pam_ldaphome config} tls val
+@deffn {pam_ldaphome config} tls @var{val}
Controls whether TLS is desired or required. If @var{val} is
@@ -1229,3 +1248,3 @@ mandatory, and the module will not establish LDAP connection unless
-@deffn {pam_ldaphome config} min-uid n
+@deffn {pam_ldaphome config} min-uid @var{n}
Sets the minimal UID. For users with UIDs less than @var{n},
@@ -1238,3 +1257,3 @@ system database and who will not be disturbed by
-@deffn {pam_ldaphome config} min-gid n
+@deffn {pam_ldaphome config} min-gid @var{n}
Sets the minimal GID. For users with GIDs less than @var{n},
@@ -1243,3 +1262,3 @@ Sets the minimal GID. For users with GIDs less than @var{n},
-@deffn {pam_ldaphome config} allow-groups group [group...]
+@deffn {pam_ldaphome config} allow-groups @var{group} [@var{group}...]
Only handle members of the listed groups.
@@ -1247,3 +1266,3 @@ Only handle members of the listed groups.
-@deffn {pam_ldaphome config} filter expr
+@deffn {pam_ldaphome config} filter @var{expr}
Sets the LDAP filter expression to return a user profile. The
@@ -1253,3 +1272,3 @@ filters as defined in RFC 4515.
-@deffn {pam_ldaphome config} import-public-keys bool
+@deffn {pam_ldaphome config} import-public-keys @var{bool}
When set to @samp{no}, disables importing public keys from LDAP. You
@@ -1259,3 +1278,3 @@ later with @command{ldappubkey} as @samp{AuthorizedKeysCommand}.
-@deffn {pam_ldaphome config} pubkey-attr text
+@deffn {pam_ldaphome config} pubkey-attr @var{text}
Defines the name of the attribute which holds the user public key.
@@ -1263,3 +1282,3 @@ Defines the name of the attribute which holds the user public key.
-@deffn {pam_ldaphome config} copy-buf-size n
+@deffn {pam_ldaphome config} copy-buf-size @var{n}
Sets the size of the buffer used to copy files from the skeleton
@@ -1268,3 +1287,3 @@ directory to the newly created home. The default size is 16384 bytes.
-@deffn {pam_ldaphome config} home-dir-mode mode
+@deffn {pam_ldaphome config} home-dir-mode @var{mode}
Sets the mode (octal) for the created user directories.
@@ -1272,3 +1291,3 @@ Sets the mode (octal) for the created user directories.
-@deffn {pam_ldaphome config} keyfile-mode mode
+@deffn {pam_ldaphome config} keyfile-mode @var{mode}
Sets the mode (octal) for the created authorized keys file.
@@ -1276,3 +1295,3 @@ Sets the mode (octal) for the created authorized keys file.
-@deffn {pam_ldaphome config} authorized_keys name
+@deffn {pam_ldaphome config} authorized_keys @var{name}
Sets the pathname (relative to the home directory) for the authorized
@@ -1289,3 +1308,3 @@ according to the user.
-@deffn {pam_ldaphome config} initrc-command command
+@deffn {pam_ldaphome config} initrc-command @var{command}
Run @command{command} after populating the user home directory with
@@ -1303,3 +1322,9 @@ non-zero code, @command{pam_ldaphome} will report
-@deffn {pam_ldaphome config} initrc-log file
+@deffn {pam_ldaphome config} exec-timeout @var{seconds}
+Sets maximum time the @command{initrc-command} is allowed to run. If
+it runs longer than @var{seconds}, it will be terminated with a
+@samp{SIGKILL}, and the module will return PAM_SYSTEM_ERR.
+@end deffn
+
+@deffn {pam_ldaphome config} initrc-log @var{file}
This statement redirects the standard output and error from the
@@ -1308,3 +1333,3 @@ This statement redirects the standard output and error from the
-@deffn {pam_ldaphome config} initrc-environ env ...
+@deffn {pam_ldaphome config} initrc-environ @var{env} ...
Modifies the environment of @command{initrc-command}.
@@ -1397,4 +1422,6 @@ it again. The corresponding @file{pam.conf} section looks as follows:
@example
-sshd auth [success=ok try_again=1 default=die] pam_ldaphome.so
-sshd auth [success=done ignore=ignore default=die] pam_unix.so
+sshd auth [success=ok try_again=1 default=die] \
+ pam_ldaphome.so
+sshd auth [success=done ignore=ignore default=die] \
+ pam_unix.so
sshd auth [default=die] pam_echo.so file=/etc/ldaphome.txt
@@ -1444,11 +1471,11 @@ keys. The author uses the following schema:
attributetype ( 1.3.6.1.4.1.9163.2.1.0 NAME 'grayPublicKey'
- DESC 'SSH public key'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+ DESC 'SSH public key'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Object Class Definitions
objectclass ( 1.3.6.1.4.1.9163.2.2.0 NAME 'grayAccount'
- DESC 'Abstraction of an employee account'
- SUP posixAccount AUXILIARY
- MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
- MAY ( userPassword $ loginShell $ gecos $ grayPublicKey ) )
+ DESC 'Abstraction of an employee account'
+ SUP posixAccount AUXILIARY
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $ grayPublicKey ) )
@end example
@@ -1512,3 +1539,3 @@ it is invoked at the top of the stack:
sshd session [success=ignore try_again=ignore default=die] \
- /usr/lib/security/pam_ldaphome.so
+ pam_ldaphome.so
@end example
@@ -1599,4 +1626,4 @@ Suppose its contents is as follows:
[user]
- name = $@{cn@}
- email = $@{mail@}
+ name = $@{cn@}
+ email = $@{mail@}
@end example
