You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
178 lines
6.7 KiB
178 lines
6.7 KiB
From 9321126e20898b23c19e168177d8a383a750fefb Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
Date: Fri, 23 Feb 2024 12:51:37 +0100
|
|
Subject: [PATCH 04/11] nis: install nis profile conditionally
|
|
|
|
NIS profile is installed only if --with-nis-profile configure flag is
|
|
given.
|
|
---
|
|
profiles/Makefile.am | 2 ++
|
|
rpm/authselect.spec.in | 37 +++++++++++++++++++----------
|
|
scripts/manpages-build.sh.in | 1 +
|
|
src/conf_macros.m4 | 10 ++++++++
|
|
src/man/authselect-migration.7.adoc | 7 ++++++
|
|
5 files changed, 45 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/profiles/Makefile.am b/profiles/Makefile.am
|
|
index bc437c158f6922afdba4ab261c73f31c93846118..61728cab77022ddc0bb35a3649a38123dc4987cf 100644
|
|
--- a/profiles/Makefile.am
|
|
+++ b/profiles/Makefile.am
|
|
@@ -15,6 +15,7 @@ dist_profile_local_DATA = \
|
|
$(top_srcdir)/profiles/local/dconf-locks \
|
|
$(NULL)
|
|
|
|
+if WITH_NIS_PROFILE
|
|
profile_nisdir = $(authselect_profile_dir)/nis
|
|
dist_profile_nis_DATA = \
|
|
$(top_srcdir)/profiles/nis/nsswitch.conf \
|
|
@@ -28,6 +29,7 @@ dist_profile_nis_DATA = \
|
|
$(top_srcdir)/profiles/nis/dconf-db \
|
|
$(top_srcdir)/profiles/nis/dconf-locks \
|
|
$(NULL)
|
|
+endif
|
|
|
|
profile_sssddir = $(authselect_profile_dir)/sssd
|
|
dist_profile_sssd_DATA = \
|
|
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
|
index e2c0482f1e7cfceac4aed3a3a4375bca031ac8c1..350ca953632f21be861c1ee75f25f71d107ca1ee 100644
|
|
--- a/rpm/authselect.spec.in
|
|
+++ b/rpm/authselect.spec.in
|
|
@@ -12,6 +12,13 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
|
|
|
%global makedir %{_builddir}/%{name}-%{version}
|
|
|
|
+# Disable NIS profile on RHEL
|
|
+%if 0%{?rhel}
|
|
+%global with_nis_profile 0
|
|
+%else
|
|
+%global with_nis_profile 1
|
|
+%endif
|
|
+
|
|
# Set the default profile
|
|
%{?fedora:%global default_profile local with-silent-lastlog}
|
|
%{?rhel:%global default_profile local}
|
|
@@ -75,7 +82,11 @@ done
|
|
|
|
%build
|
|
autoreconf -if
|
|
-%configure
|
|
+%configure \
|
|
+%if %{with_nis_profile}
|
|
+ --with-nis-profile \
|
|
+%endif
|
|
+ %{nil}
|
|
%make_build
|
|
|
|
%check
|
|
@@ -123,7 +134,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|
%dir %{_datadir}/authselect/vendor
|
|
%dir %{_datadir}/authselect/default
|
|
%dir %{_datadir}/authselect/default/local/
|
|
-%dir %{_datadir}/authselect/default/nis/
|
|
%dir %{_datadir}/authselect/default/sssd/
|
|
%dir %{_datadir}/authselect/default/winbind/
|
|
%{_datadir}/authselect/default/local/dconf-db
|
|
@@ -136,16 +146,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|
%{_datadir}/authselect/default/local/REQUIREMENTS
|
|
%{_datadir}/authselect/default/local/smartcard-auth
|
|
%{_datadir}/authselect/default/local/system-auth
|
|
-%{_datadir}/authselect/default/nis/dconf-db
|
|
-%{_datadir}/authselect/default/nis/dconf-locks
|
|
-%{_datadir}/authselect/default/nis/fingerprint-auth
|
|
-%{_datadir}/authselect/default/nis/nsswitch.conf
|
|
-%{_datadir}/authselect/default/nis/password-auth
|
|
-%{_datadir}/authselect/default/nis/postlogin
|
|
-%{_datadir}/authselect/default/nis/README
|
|
-%{_datadir}/authselect/default/nis/REQUIREMENTS
|
|
-%{_datadir}/authselect/default/nis/smartcard-auth
|
|
-%{_datadir}/authselect/default/nis/system-auth
|
|
%{_datadir}/authselect/default/sssd/dconf-db
|
|
%{_datadir}/authselect/default/sssd/dconf-locks
|
|
%{_datadir}/authselect/default/sssd/fingerprint-auth
|
|
@@ -166,6 +166,19 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|
%{_datadir}/authselect/default/winbind/REQUIREMENTS
|
|
%{_datadir}/authselect/default/winbind/smartcard-auth
|
|
%{_datadir}/authselect/default/winbind/system-auth
|
|
+%if %{with_nis_profile}
|
|
+%dir %{_datadir}/authselect/default/nis/
|
|
+%{_datadir}/authselect/default/nis/dconf-db
|
|
+%{_datadir}/authselect/default/nis/dconf-locks
|
|
+%{_datadir}/authselect/default/nis/fingerprint-auth
|
|
+%{_datadir}/authselect/default/nis/nsswitch.conf
|
|
+%{_datadir}/authselect/default/nis/password-auth
|
|
+%{_datadir}/authselect/default/nis/postlogin
|
|
+%{_datadir}/authselect/default/nis/README
|
|
+%{_datadir}/authselect/default/nis/REQUIREMENTS
|
|
+%{_datadir}/authselect/default/nis/smartcard-auth
|
|
+%{_datadir}/authselect/default/nis/system-auth
|
|
+%endif
|
|
%{_libdir}/libauthselect.so.*
|
|
%{_mandir}/man5/authselect-profiles.5*
|
|
%{_datadir}/doc/authselect/COPYING
|
|
diff --git a/scripts/manpages-build.sh.in b/scripts/manpages-build.sh.in
|
|
index 314bb2b2a0e4432632478230ab5ff5b3dce2943f..9e553f755a64717f854f3aba33c62140130ce18f 100755
|
|
--- a/scripts/manpages-build.sh.in
|
|
+++ b/scripts/manpages-build.sh.in
|
|
@@ -233,6 +233,7 @@ ATTR+=" -a AUTHSELECT_PROFILE_DIR=\"@AUTHSELECT_PROFILE_DIR@\""
|
|
ATTR+=" -a AUTHSELECT_VENDOR_DIR=\"@AUTHSELECT_VENDOR_DIR@\""
|
|
ATTR+=" -a AUTHSELECT_BACKUP_DIR=\"@AUTHSELECT_BACKUP_DIR@\""
|
|
ATTR+=" -a BUILD_USER_NSSWITCH=\"@BUILD_USER_NSSWITCH@\""
|
|
+ATTR+=" -a WITH_NIS_PROFILE=\"@WITH_NIS_PROFILE@\""
|
|
|
|
manpages-translate
|
|
|
|
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
|
|
index 17c1629723066b0c4e354051366ce209428af6c1..9a81a6e194d16ecc0408e8631530cf7048fd9241 100644
|
|
--- a/src/conf_macros.m4
|
|
+++ b/src/conf_macros.m4
|
|
@@ -99,3 +99,13 @@ if test x"$with_user_nsswitch" = xyes; then
|
|
AC_DEFINE(BUILD_USER_NSSWITCH, 1, [whether to build with user nsswitch support])
|
|
AC_SUBST(BUILD_USER_NSSWITCH, 1)
|
|
fi
|
|
+
|
|
+AC_ARG_WITH([nis-profile],
|
|
+ [AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])],
|
|
+ [], with_nis_profile=no
|
|
+)
|
|
+AM_CONDITIONAL([WITH_NIS_PROFILE], [test x$with_nis_profile = xyes])
|
|
+AC_SUBST(WITH_NIS_PROFILE, 0)
|
|
+if test x"$with_nis_profile" = xyes; then
|
|
+ AC_SUBST(WITH_NIS_PROFILE, 1)
|
|
+fi
|
|
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
|
|
index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..8cc58e60301925974fdb738c5b9a746749981df8 100644
|
|
--- a/src/man/authselect-migration.7.adoc
|
|
+++ b/src/man/authselect-migration.7.adoc
|
|
@@ -72,7 +72,12 @@ configuration file for required services.
|
|
|--enablesssd --enablesssdauth |sssd
|
|
|--enablekrb5 |sssd
|
|
|--enablewinbind --enablewinbindauth |winbind
|
|
+ifeval::[{WITH_NIS_PROFILE} == 1]
|
|
|--enablenis |nis
|
|
+endif::[]
|
|
+ifeval::[{WITH_NIS_PROFILE} != 1]
|
|
+|--enablenis |none
|
|
+endif::[]
|
|
|=========================================================
|
|
|
|
.Relation of authconfig options to authselect profile features
|
|
@@ -199,6 +204,7 @@ will perform an initial setup which involves creating a Kerberos keytab and
|
|
running `adcli` to join the domain. It also makes changes to `smb.conf`. You
|
|
can then tune it up by modifying {sysconfdir}/samba/smb.conf.
|
|
|
|
+ifeval::[{WITH_NIS_PROFILE} == 1]
|
|
NIS
|
|
~~~
|
|
There are several places that needs to be configured in order to make
|
|
@@ -227,6 +233,7 @@ $ domainname mydomain
|
|
$ setsebool -P allow_ypbind 1
|
|
----
|
|
|
|
+endif::[]
|
|
PASSWORD QUALITY
|
|
~~~~~~~~~~~~~~~~
|
|
Authselect enables `pam_pwquality` module to enforce password quality
|
|
--
|
|
2.42.0
|
|
|