author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-05-19 13:49:03 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-05-19 14:01:21 +0300 |
commit | 7636fa3e7b5829adebf003f3150ae14372cdaae5 (patch) | |
tree | f394870ed1a4c5ea7a2f5cf4debaa91b57f8b856 /doc | |
parent | 867eaccec7a1324f958d0d86c1a148187212bf6f (diff) | |
New utility "ldappubkey".
* NEWS: Document new features.
* doc/pam-modules.texi: Document usergitconfig.
* doc/pam_ldaphome.8in: Update.
* examples/ldappubkey: New file.
* examples/usergitconfig: Refer to perldoc on error.
* lib/env.c (gray_env_get_bool): New function.
* lib/graypam.h (gray_env_get_bool): New proto.
* pam_ldaphome/pam_ldaphome.c (import_public_key): Do nothing if
"import-public-keys" is set to "no".
(pam_sm_authenticate): New function.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/pam-modules.texi | 44 | ||||
-rw-r--r-- | doc/pam_ldaphome.8in | 10 |
2 files changed, 52 insertions, 2 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi index 87c4d6c..bf101f7 100644 --- a/doc/pam-modules.texi +++ b/doc/pam-modules.texi @@ -1249,6 +1249,12 @@ Sets the LDAP filter expression to return a user profile. The filters as defined in RFC 4515. @end deffn +@deffn {pam_ldaphome config} import-public-keys bool +When set to @samp{no}, disables importing public keys from LDAP. You +may wish to use this option if you are using @command{openssh} 6.1 or +later with @command{ldappubkey} as @samp{AuthorizedKeysCommand}. +@end deffn + @deffn {pam_ldaphome config} pubkey-attr text Defines the name of the attribute which holds the user public key. @end deffn @@ -1351,6 +1357,7 @@ which case the usual shell dequoting rules apply. @menu * ldaphome example:: +* usergitconfig:: @end menu @node ldaphome example 
@@ -1437,6 +1444,43 @@ passwd: files ldap group: files ldap @end example +@node usergitconfig +@section usergitconfig +@cindex usergitconfig + +The @file{examples} subdirectory of the @command{pam-modules} +distribution contains a program @command{usergitconfig} which +is designed to customize user's @file{.gitconfig} file using +attributes from his LDAP entry. + +The command reads the @file{.gitconfig} file and replaces any +occurrence of @samp{$@{@var{attr}@}} with the value of the LDAP +attribute @var{attr}. Not defined attributes are replaced with +empty strings. + +To use this utility with @command{pam_ldaphome}, copy it to +some location of preference (say, @file{/usr/libexec}), and +add the following to @command{pam_ldaphome} configuration file: + +@example +skel /etc/skel +initrc-command /usr/libexec/usergitconfig +@end example + +The @file{/etc/skel} directory should contain the file @file{.gitconfig}. +Suppose its contents is as follows: + +@example +[user] + name = $@{cn@} + email = $@{mail@} +@end example + +@noindent +Then, after successful completion of @command{pam_ldaphome}, the +user's @file{.gitconfig} file will contain his real name and email +set properly from the database. + @node umotd @chapter pam_umotd @set MODULE pam_umotd diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in index 6d74e4e..5150849 100644 --- a/doc/pam_ldaphome.8in +++ b/doc/pam_ldaphome.8in @@ -14,7 +14,7 @@ .\" You should have received a copy of the GNU General Public License .\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>. .so config.so -.TH PAM_LDAPHOME 8 "April 4, 2014" "PAM-MODULES" "Pam-Modules User Reference" +.TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference" .SH NAME pam_ldaphome \- create and populate user home directories .SH SYNOPSIS 
@@ -108,6 +108,11 @@ Defines a LDAP filter expression which returns the user profile. The \fIEXPR\fR should conform to the string representation for search filters as defined in RFC 4515. .TP +.BI import\-public\-keys " BOOL" +When set to \fBno\fR, disables importing public keys from LDAP. You +may wish to use this option if you are using \fBopenssh\fR 6.1 or +later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR. +.TP .BI pubkey\-attr " TEXT" Defines the name of the attribute that keeps user's public SSH key. .TP @@ -203,7 +208,8 @@ the \fB\-\-enable\-debug\fR option. \fBaudit\fR Log auditing information. .SH MODULE TYPES PROVIDED -.BR auth . +.BR auth , +.BR session . .SH RETURN VALUES .TP .B PAM_SUCCESS |
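Review bot: In the doc/pam-modules.texi hunk at -1249, the new import-public-keys entry does not state the default value, nor what happens to keys that were already imported into the user's authorized keys file once the option is set to no. Suggest adding the default explicitly (for example "The default is @samp{yes}", if that is the case) and saying whether previously imported keys are left in place, because a key that stays behind after it was removed from LDAP still grants login. The same text is repeated in the doc/pam_ldaphome.8in hunk at -108, so both should be updated together.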
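Review bot: In the new usergitconfig section (doc/pam-modules.texi hunk at -1437), the description of the $@{attr@} substitution does not say whether attribute values are escaped or validated before they are written to .gitconfig. LDAP attributes such as cn and mail are often editable by the user, so the text should state how quotes, backslashes and line breaks in a value are handled, or advise limiting the template to attributes users cannot change themselves. Wording in the same hunk: "Not defined attributes" reads better as "Undefined attributes", and "Suppose its contents is as follows" should be "are as follows".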
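Review bot: In the doc/pam_ldaphome.8in hunk at -203, MODULE TYPES PROVIDED now lists both auth and session, but none of the documentation changes shown here explains what the module does in each stack or which one an administrator should configure. Suggest one sentence per type in the man page, with a matching note in doc/pam-modules.texi, whose hunks in this diff do not touch module types.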