reenable auth-keys ldap backend
parent
48446f1f1b
commit
b934981de5
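--- a/openssh-5.8p1-ldap2.patch
+++ b/openssh-5.8p1-ldap2.patch
@@ -0,0 +1,57 @@
+diff -up openssh-5.8p1/HOWTO.ldap-keys.ldap2 openssh-5.8p1/HOWTO.ldap-keys
+--- openssh-5.8p1/HOWTO.ldap-keys.ldap2 2011-02-25 11:48:59.000000000 +0100
++++ openssh-5.8p1/HOWTO.ldap-keys 2011-02-25 11:48:59.000000000 +0100
+@@ -0,0 +1,14 @@
++
++1) configure LDAP server
++2) add appropriate schema
++3) insert users into LDAP
++4) on the ssh side set in sshd_config
++AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
++AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
++5) do not forget to set
++PubkeyAuthentication yes
++
++
++To debug the ssh-ldap-helper is possible to set
++the necessary flags in the ssh-ldap-wrapper.
++
+diff -up openssh-5.8p1/ldap-helper.c.ldap2 openssh-5.8p1/ldap-helper.c
+--- openssh-5.8p1/ldap-helper.c.ldap2 2011-02-25 11:48:59.000000000 +0100
++++ openssh-5.8p1/ldap-helper.c 2011-02-25 11:48:59.000000000 +0100
+@@ -51,7 +51,7 @@ usage(void)
+fprintf(stderr, " -f file Use alternate config file (default is /etc/ssh/ldap.conf).\n");
+fprintf(stderr, " -s user Do not demonize, send the user's key to stdout.\n");
+fprintf(stderr, " -v Increase verbosity of the debug output (implies -d).\n");
+- fprintf(stderr, " -w Warn on unknown commands int the config file.\n");
++ fprintf(stderr, " -w Warn on unknown commands in the config file.\n");
+exit(1);
+}
+
+diff -up openssh-5.8p1/Makefile.in.ldap2 openssh-5.8p1/Makefile.in
+--- openssh-5.8p1/Makefile.in.ldap2 2011-02-25 11:48:59.000000000 +0100
++++ openssh-5.8p1/Makefile.in 2011-02-25 11:55:59.000000000 +0100
+@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
+SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
++SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+RAND_HELPER=$(libexecdir)/ssh-rand-helper
+PRIVSEP_PATH=@PRIVSEP_PATH@
+SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+@@ -277,6 +278,7 @@ install-files:
+$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
+$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
++ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
+fi
+$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+diff -up openssh-5.8p1/ssh-ldap-wrapper.ldap2 openssh-5.8p1/ssh-ldap-wrapper
+--- openssh-5.8p1/ssh-ldap-wrapper.ldap2 2011-02-25 11:48:59.000000000 +0100
++++ openssh-5.8p1/ssh-ldap-wrapper 2011-02-25 11:48:59.000000000 +0100
+@@ -0,0 +1,4 @@
++#!/bin/sh
++
++exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
++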
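Review bot: The new ssh-ldap-wrapper hard-codes `/usr/libexec/openssh/ssh-ldap-helper`, while the Makefile.in hunk installs the helper to `$(DESTDIR)$(SSH_LDAP_HELPER)`, i.e. under whatever `libexecdir` the build was configured with; on a build where that directory differs, the command named in `AuthorizedKeysCommand` execs a path this package did not install. Generating the wrapper with the configured directory substituted (for example `exec @libexecdir@/ssh-ldap-helper -s "$1"`, assuming the build can template the script) would keep the two in step. The added install line also uses `-m 0700` whereas openssh.spec lists the wrapper as `%attr(0755,root,root)`; with 0700 the account given in `AuthorizedKeysCommandRunAs` presumably cannot execute it after a plain `make install`, so the Makefile.in mode should match, `$(INSTALL) -m 0755 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \`. The install-files recipe starts and ends outside the hunk.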
12
openssh.spec
12
openssh.spec
@ -71,7 +71,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.8p1
|
||||
%define openssh_rel 9
|
||||
%define openssh_rel 10
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 30
|
||||
|
||||
@ -115,7 +115,8 @@ Patch10: pam_ssh_agent_auth-0.9-build.patch
|
||||
Patch11: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
|
||||
Patch20: openssh-5.8p1-authorized-keys-command.patch
|
||||
Patch21: openssh-5.6p1-ldap.patch
|
||||
Patch21: openssh-5.8p1-ldap.patch
|
||||
Patch121: openssh-5.8p1-ldap2.patch
|
||||
#?mail-conf
|
||||
Patch22: openssh-5.8p1-selinux.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
|
||||
@ -314,6 +315,7 @@ popd
|
||||
%patch20 -p1 -b .akc
|
||||
%if %{ldap}
|
||||
%patch21 -p1 -b .ldap
|
||||
%patch121 -p1 -b .ldap2
|
||||
%endif
|
||||
%if %{WITH_SELINUX}
|
||||
#SELinux
|
||||
@ -596,8 +598,9 @@ fi
|
||||
%if %{ldap}
|
||||
%files ldap
|
||||
%defattr(-,root,root)
|
||||
%doc README.lpk lpk-user-example.txt openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
|
||||
%doc HOWTO.ldap-keys README.lpk lpk-user-example.txt openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
|
||||
%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
|
||||
%endif
|
||||
@ -619,6 +622,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
|
||||
- reenable auth-keys ldap backend
|
||||
|
||||
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
|
||||
- another audit improovements
|
||||
|
||||
|