author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-29 16:14:19 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-29 16:14:19 -0500 |
commit | 56c2b5fc9b206903e60f90a84edfd7130d5b0473 (patch) | |
tree | 0a35482c115a3d2ea9216b1b97dce2fa2590703d | |
parent | 7ebf958b1051f6a4034b68f25c20226b6d6e22fa (diff) | |
Add deactivated krb5 PKCS login line
-rw-r--r-- | src/libtdeldap.cpp | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e9961ed..bc6890b 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4895,6 +4895,18 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
 stream << "# All changes will be lost!\n";
 stream << "\n";
+ // Get PKCS#11 slot number from the LDAP configuration file
+ KSimpleConfig* systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+ systemconfig->setGroup(NULL);
+ int pkcs11_login_card_slot = systemconfig->readNumEntry("PKCS11LoginCardSlot", 0);
+ delete systemconfig;
+
+ // Generate PKCS#11 provider string
+ TQString pkcsProviderString = TDECryptographicCardDevice::pkcsProviderLibrary();
+ if (pkcs11_login_card_slot != 0) {
+ pkcsProviderString.append(TQString(",slot=%1").arg(pkcs11_login_card_slot));
+ }
+
 // Appdefaults
 stream << "[appdefaults]\n";
 if (realmList.begin() != realmList.end()) {
@@ -4908,9 +4920,11 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
 stream << " pkinit_revoke = FILE:" << ldap_crlfile << "\n";
 }
 stream << " pkinit_require_crl_checking = true\n";
- stream << " pam = {\n";
- stream << " pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
- stream << " }\n";
+ if (pkcsProviderString != "") {
+ stream << " pam = {\n";
+ stream << " pkinit_user = PKCS11:" << pkcsProviderString << "\n";
+ stream << " }\n";
+ }
 stream << "\n";
 // Defaults
@@ -5062,6 +5076,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 }
 if (pamConfig.enable_pkcs11_login) {
 stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
+ // stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
 }
 stream << "auth required pam_deny.so" << "\n";
 |
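Review bot: The slot suffix appended in the first hunk, `",slot=%1"`, does not look like the grammar libkrb5 accepts for a PKCS#11 identity; as far as I recall the documented form is `PKCS11:modname:slotid=N` (colon-separated, keyword `slotid`), and pam_krb5 hands `pkinit_user` to libkrb5 as the X509 user identity, so a string the parser rejects means PKINIT is silently skipped and the login quietly degrades to whatever the next PAM module allows — please verify against the krb5 version TDE targets before shipping this, e.g. `pkcsProviderString.append(TQString(":slotid=%1").arg(pkcs11_login_card_slot));`. Separately, `readNumEntry("PKCS11LoginCardSlot", 0)` together with `if (pkcs11_login_card_slot != 0)` makes 0 mean "not configured", yet 0 is a perfectly ordinary CK_SLOT_ID (often the first slot of a reader), so an administrator cannot select it explicitly; reading with `-1` as the default and testing `>= 0` keeps the same file format and removes the ambiguity. The heap `new KSimpleConfig(...)`/`delete systemconfig` pair would also be simpler and leak-proof as a stack object, `KSimpleConfig systemconfig(TQString::fromLatin1(KDE_CONFDIR "/ldap/ldapconfigrc"));`, since it is only needed for one read. writeClientKrb5ConfFile() begins before this hunk and continues after it.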
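Review bot: The guard `if (pkcsProviderString != "")` in the second hunk tests the already-composed string, not the provider library name, so when `TDECryptographicCardDevice::pkcsProviderLibrary()` returns an empty string but a non-zero slot is configured the string is `,slot=N`, the test passes, and the file gets `pkinit_user = PKCS11:,slot=N` with no module at all — exactly the case the new condition was meant to keep out of krb5.conf. Guard on the library name instead (and prefer the TQString idiom over comparison with a literal): `if (!TDECryptographicCardDevice::pkcsProviderLibrary().isEmpty()) {`, or equivalently only append the slot suffix in the earlier hunk when the library name is non-empty. It is also worth a one-line comment above the block recording that omitting `pkinit_user` means pam_krb5 will not attempt PKINIT for this realm, since that is a behaviour change from the previous unconditional output. The enclosing function starts and ends outside this hunk.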
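Review bot: The commented-out `pam_krb5.so ... try_pkinit` line added in the third hunk carries no explanation, so the next maintainer cannot tell whether it is unfinished work, a known-broken configuration, or something awaiting a specific pam_krb5 or krb5.conf change (the commit message says only "deactivated"). A short comment above it should state why it is disabled and what must be true before it can be enabled, and note that if it is ever turned on its `success=done` control would let a PKINIT success bypass the later `pam_deny.so` line just as the pam_pkcs11 line does, which is the intended stacking but should be said explicitly. writePAMFiles() begins before this hunk and continues after it.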