New utility "ldappubkey".

* NEWS: Document new features.
* doc/pam-modules.texi: Document usergitconfig.
* doc/pam_ldaphome.8in: Update.
* examples/ldappubkey: New file.
* examples/usergitconfig: Refer to perldoc on error.
* lib/env.c (gray_env_get_bool): New function.
* lib/graypam.h (gray_env_get_bool): New proto.
* pam_ldaphome/pam_ldaphome.c (import_public_key): Do nothing if
"import-public-keys" is set to "no".
(pam_sm_authenticate): New function.

2 files changed, 52 insertions, 2 deletions

diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 87c4d6c..bf101f7 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -1249,6 +1249,12 @@ Sets the LDAP filter expression to return a user profile.  The
 filters as defined in RFC 4515.
 @end deffn
 
+@deffn {pam_ldaphome config} import-public-keys bool
+When set to @samp{no}, disables importing public keys from LDAP.  You
+may wish to use this option if you are using @command{openssh} 6.1 or
+later with @command{ldappubkey} as @samp{AuthorizedKeysCommand}.
+@end deffn
+
 @deffn {pam_ldaphome config} pubkey-attr text
 Defines the name of the attribute which holds the user public key.
 @end deffn
@@ -1351,6 +1357,7 @@ which case the usual shell dequoting rules apply.
 
 @menu
 * ldaphome example::
+* usergitconfig::
 @end menu
 
 @node ldaphome example
@@ -1437,6 +1444,43 @@ passwd:         files ldap
 group:          files ldap
 @end example
 
+@node usergitconfig
+@section usergitconfig
+@cindex usergitconfig
+
+The @file{examples} subdirectory of the @command{pam-modules}
+distribution contains a program @command{usergitconfig} which
+is designed to customize user's @file{.gitconfig} file using
+attributes from his LDAP entry.
+
+The command reads the @file{.gitconfig} file and replaces any
+occurrence of @samp{$@{@var{attr}@}} with the value of the LDAP
+attribute @var{attr}.  Not defined attributes are replaced with
+empty strings.
+
+To use this utility with @command{pam_ldaphome}, copy it to
+some location of preference (say, @file{/usr/libexec}), and
+add the following to @command{pam_ldaphome} configuration file:
+
+@example
+skel /etc/skel
+initrc-command /usr/libexec/usergitconfig
+@end example
+
+The @file{/etc/skel} directory should contain the file @file{.gitconfig}.
+Suppose its contents is as follows:
+
+@example
+[user]
+	name = $@{cn@}
+	email = $@{mail@}
+@end example
+
+@noindent
+Then, after successful completion of @command{pam_ldaphome}, the
+user's @file{.gitconfig} file will contain his real name and email
+set properly from the database.
+
 @node umotd
 @chapter pam_umotd
 @set MODULE pam_umotd
diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in
index 6d74e4e..5150849 100644
--- a/doc/pam_ldaphome.8in
+++ b/doc/pam_ldaphome.8in
@@ -14,7 +14,7 @@
 .\" You should have received a copy of the GNU General Public License
 .\" along with PAM-Modules.  If not, see <http://www.gnu.org/licenses/>.
 .so config.so
-.TH PAM_LDAPHOME 8 "April 4, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference"
 .SH NAME
 pam_ldaphome \- create and populate user home directories
 .SH SYNOPSIS
@@ -108,6 +108,11 @@ Defines a LDAP filter expression which returns the user profile.  The
 \fIEXPR\fR should conform to the string representation for search
 filters as defined in RFC 4515.
 .TP
+.BI import\-public\-keys " BOOL"
+When set to \fBno\fR, disables importing public keys from LDAP.  You
+may wish to use this option if you are using \fBopenssh\fR 6.1 or
+later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
+.TP
 .BI pubkey\-attr " TEXT"
 Defines the name of the attribute that keeps user's public SSH key.
 .TP
@@ -203,7 +208,8 @@ the \fB\-\-enable\-debug\fR option.
 \fBaudit\fR
 Log auditing information.
 .SH MODULE TYPES PROVIDED
-.BR auth .
+.BR auth ,
+.BR session .
 .SH RETURN VALUES
 .TP
 .B PAM_SUCCESS