summaryrefslogtreecommitdiff
path: root/server/examples
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-04-04 12:21:18 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-07 14:27:18 -0400
commitee762f9b709224a7dc7460fc535ee992045168b8 (patch)
treedaa6d444d6c52868c0a9109d360a4fe64b333df3 /server/examples
parent2df2e775612734712b72dcf0adf6c66ce530a319 (diff)
downloadsssd-ee762f9b709224a7dc7460fc535ee992045168b8.tar.gz
sssd-ee762f9b709224a7dc7460fc535ee992045168b8.tar.bz2
sssd-ee762f9b709224a7dc7460fc535ee992045168b8.zip
Split modules types in Identity and Authenticator
The same module may implement both types, but initializatrion will be nonetheless performed separately, once for the identity module and once for the authenticator module. Also change the proxy module to retireve the pam target name from the domain configuration so that it is possibile to create per-domain pam stacks. With this modification it is actually possibile to use normal nss and pam modules to perform a successful authentication (tested only with sudo so far) Update exmples.
Diffstat (limited to 'server/examples')
-rw-r--r--server/examples/config.ldif50
-rw-r--r--server/examples/sssdproxylocal9
-rw-r--r--server/examples/sssdproxytest9
-rw-r--r--server/examples/sudo6
4 files changed, 53 insertions, 21 deletions
diff --git a/server/examples/config.ldif b/server/examples/config.ldif
index b848e431..6101f085 100644
--- a/server/examples/config.ldif
+++ b/server/examples/config.ldif
@@ -15,31 +15,28 @@ activeServices: info
dn: cn=nss,cn=services,cn=config
cn: nss
description: NSS Responder Configuration
-unixSocket: /var/lib/sss/pipes/nss
-command: /usr/libexec/sssd/sssd_nss
+filterGroups: root
+filterGroups: foo@TEST
+filterUsers: root
+filterUsers: bar@TEST
dn: cn=dp,cn=services,cn=config
cn: dp
description: Data Provider Configuration
-command: /usr/libexec/sssd/sssd_dp
dn: cn=monitor,cn=services,cn=config
cn: monitor
description: Monitor Configuration
sbusTimeout: 10
-sbusAddress: unix:path=/var/lib/sss/pipes/private/dbus
servicePingTime: 10
dn: cn=pam,cn=services,cn=config
cn: pam
-command: /usr/libexec/sssd/sssd_pam
description: PAM Responder Configuration
-unixSocket: /var/lib/sss/pipes/pam
dn: cn=info,cn=services,cn=config
cn: info
description: InfoPipe Configuration
-command: ./sbin/sssd_info
dn: cn=domains,cn=config
cn: domains
@@ -48,32 +45,43 @@ description: Domains served by SSSD
dn: cn=LOCAL,cn=domains,cn=config
cn: LOCAL
description: Reserved domain for local configurations
-legacy: FALSE
enumerate: 3
-
-dn: cn=EXAMPLE.COM,cn=domains,cn=config
-cn: EXAMPLE.COM
-description: Example domain served by IPA
-provider: ipa
-server: ipaserver1.example.com
-server: ipabackupserver.example.com
-legacy: FALSE
-enumerate: 0
+minId: 500
+maxId: 999
+legacy: TRUE
+libName: files
+libPath: /lib64/libnss_files.so.2
+magicPrivateGroups: FALSE
+provider: proxy
+auth-module: proxy
+pam-target: sssdproxylocal
dn: cn=TEST,cn=domains,cn=config
cn: TEST
description: TEST Ldap domain
-provider: proxy
-command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST
libName: ldap
libPath: /usr/lib64/libnss_ldap.so.2
legacy: TRUE
-enumerate: 0
+enumerate: 3
+useFullyQualifiedNames: TRUE
+minId: 1000
+provider: proxy
+auth-module: proxy
+pam-target: sssdproxytest
dn: cn=LDAPTEST,cn=domains,cn=config
cn: LDAPTEST
basedn: cn=LDAPTEST,sn=sysdb
-command: ./sbin/sssd_be --provider ldap --domain LDAPTEST
+command: /usr/libexec/sssd/sssd_be --provider ldap --domain LDAPTEST
description: TEST PAM Ldap domain
provider: ldap
userSearchBase: ou=user,dc=my-domain,dc=com
+
+dn: cn=EXAMPLE.COM,cn=domains,cn=config
+cn: EXAMPLE.COM
+description: Example domain served by IPA
+provider: ipa
+server: ipaserver1.example.com
+server: ipabackupserver.example.com
+legacy: FALSE
+enumerate: 0
diff --git a/server/examples/sssdproxylocal b/server/examples/sssdproxylocal
new file mode 100644
index 00000000..1bc47f89
--- /dev/null
+++ b/server/examples/sssdproxylocal
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth requisite pam_succeed_if.so uid >= 500 quiet
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
diff --git a/server/examples/sssdproxytest b/server/examples/sssdproxytest
new file mode 100644
index 00000000..9c5cb4ad
--- /dev/null
+++ b/server/examples/sssdproxytest
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_ldap.so debug
+auth requisite pam_succeed_if.so uid >= 1000 quiet
+auth required pam_deny.so
+
+account required pam_ldap.so debug
+account sufficient pam_succeed_if.so uid < 1000 quiet
+account required pam_permit.so
+
diff --git a/server/examples/sudo b/server/examples/sudo
new file mode 100644
index 00000000..4af91ba6
--- /dev/null
+++ b/server/examples/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_sss.so
+account required pam_sss.so
+password required pam_sss.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so