author | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
commit | cd1ce69f104686bbb33e049c2c4c112e78febd36 (patch) | |
tree | 6654eaf12145b918cd217dcdf9b95a0060a60b7b /files/usr/local | |
parent | 93994080d976d1fd98a22422a549fe371a2bcae3 (diff) | |
download | infrastructure-cd1ce69f104686bbb33e049c2c4c112e78febd36.tar.gz |
finish idm client stuff
Diffstat (limited to 'files/usr/local')
-rw-r--r-- | files/usr/local/etc/nslcd.conf.common | 14 | ||||
-rw-r--r-- | files/usr/local/etc/openldap/.krb5/config.idm_server | 2 | ||||
-rw-r--r-- | files/usr/local/etc/openldap/ldap.conf.common | 9 | ||||
-rw-r--r-- | files/usr/local/etc/openldap/slapd.ldif.idm_server | 2 | ||||
-rw-r--r-- | files/usr/local/etc/ssh/sshd_config.freebsd | 2 | ||||
-rw-r--r-- | files/usr/local/var/krb5kdc/kadm5.acl.idm_server | 4 |
6 files changed, 29 insertions, 4 deletions
diff --git a/files/usr/local/etc/nslcd.conf.common b/files/usr/local/etc/nslcd.conf.common
new file mode 100644
index 0000000..6494c70
--- /dev/null
+++ b/files/usr/local/etc/nslcd.conf.common
@@ -0,0 +1,14 @@
+uid ${nslcd_user}
+gid ${nslcd_user}
+
+uri ${ldap_uri}
+
+base ${basedn}
+base passwd ${accounts_basedn}
+base group ${groups_basedn}
+
+sasl_mech GSSAPI
+
+nss_min_uid ${nslcd_min_uid}
+nss_initgroups_ignoreusers ALLLOCAL
+nss_nested_groups yes
diff --git a/files/usr/local/etc/openldap/.krb5/config.idm_server b/files/usr/local/etc/openldap/.krb5/config.idm_server
new file mode 100644
index 0000000..7a92f86
--- /dev/null
+++ b/files/usr/local/etc/openldap/.krb5/config.idm_server
@@ -0,0 +1,2 @@
+[libdefaults]
+ default_keytab_name = FILE:${slapd_keytab}
diff --git a/files/usr/local/etc/openldap/ldap.conf.common b/files/usr/local/etc/openldap/ldap.conf.common
new file mode 100644
index 0000000..b56dc94
--- /dev/null
+++ b/files/usr/local/etc/openldap/ldap.conf.common
@@ -0,0 +1,9 @@
+URI ${ldap_uri}
+BASE ${basedn}
+USE_SASL yes
+ROOTUSE_SASL yes
+SASL_MECH GSSAPI
+SASL_REALM ${realm}
+GSSAPI_SIGN yes
+GSSAPI_ENCRYPT yes
+SUDOERS_BASE ${sudo_basedn}
diff --git a/files/usr/local/etc/openldap/slapd.ldif.idm_server b/files/usr/local/etc/openldap/slapd.ldif.idm_server
index 9dc0086..d63641e 100644
--- a/files/usr/local/etc/openldap/slapd.ldif.idm_server
+++ b/files/usr/local/etc/openldap/slapd.ldif.idm_server
@@ -119,7 +119,7 @@ olcAccess: {1}to dn.base="cn=Subschema"
  by * read
 olcAccess: {3}to *
  by dn.exact=${slapd_replicator_dn} read
- by dn.exact=krbPrincipalName=${boxconf_username},${robots_basedn} manage
+ by dn.exact=${boxconf_dn} manage
  by set="[cn=${slapd_admin_role},${roles_basedn}]/member* & user" manage
  by * break
 olcAccess: {4}to dn.subtree=${sudo_basedn}
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
index df46af6..52d9bfe 100644
--- a/files/usr/local/etc/ssh/sshd_config.freebsd
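Review bot: nslcd.conf.common selects `sasl_mech GSSAPI` but nothing in the file demands a SASL security layer, so the confidentiality and integrity of the passwd/group lookups over `${ldap_uri}` rest on whatever the client library negotiates by default and on whether the URI is ldap:// or ldaps://; the ldap.conf added in the same commit sets GSSAPI_SIGN/GSSAPI_ENCRYPT for libldap users, and this file has no equivalent. If the deployed nslcd supports it, pin a floor with `sasl_secprops minssf=<N>` (placeholder) or, for an ldaps:// endpoint, add `tls_reqcert demand` so server verification does not depend on defaults set elsewhere. The file also names no credential cache for the GSSAPI bind (nslcd's `krb5_ccname`), so the ticket presumably arrives out of band; a one-line comment saying where it comes from would spare the next reader a search.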
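Review bot: ldap.conf.common mixes libldap directives (URI, BASE, SASL_MECH, SASL_REALM, GSSAPI_SIGN, GSSAPI_ENCRYPT) with sudoers-ldap directives (USE_SASL, ROOTUSE_SASL, SUDOERS_BASE) without saying so; a header comment such as `# Read by libldap (URI/BASE/SASL_*/GSSAPI_*) and by sudo's LDAP backend (USE_SASL/ROOTUSE_SASL/SUDOERS_BASE)` would make the two consumers explicit. Since sudo rules are fetched from `${sudo_basedn}`, the integrity of the sudoers data depends on the SASL layer that GSSAPI_SIGN/GSSAPI_ENCRYPT request; there is no TLS_CACERT/TLS_REQCERT here, so if `${ldap_uri}` is ever ldaps://, certificate verification relies on settings outside this file.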
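Review bot: `by dn.exact=${boxconf_dn} manage` substitutes an unquoted template value into the access clause; the line it replaces was unquoted too, but the whole DN now comes from a single variable, and a DN containing whitespace would break the `by` clause, so quote it like the `set=` clause two lines below: `by dn.exact="${boxconf_dn}" manage`. Separately, `manage` on the `to *` rule gives the provisioning identity control over everything not matched by earlier rules, including operational attributes; if the automation only creates and updates ordinary entries, `write` is the narrower level. The olcAccess attribute continues outside the hunk.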
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -3,7 +3,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 PermitRootLogin prohibit-password
 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedKeysCommand /usr/local/libexec/idm-ssh-authorized-keys %u
-AuthorizedKeysCommandUser ${ssh_authzkeys_user}
+AuthorizedKeysCommandUser ${ssh_authzkeys_username}
 KbdInteractiveAuthentication no
 PasswordAuthentication yes
diff --git a/files/usr/local/var/krb5kdc/kadm5.acl.idm_server b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
index c2a454b..9f7507e 100644
--- a/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
+++ b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
@@ -1,2 +1,2 @@
-*/admin@${realm} * * -maxlife 1h -postdateable
-${boxconf_username}@${realm} * * -maxlife 5m -postdateable
+*/admin@${realm} * *
+${boxconf_username}@${realm} * *
|
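Review bot: Both kadm5.acl lines drop their `-maxlife`/`-postdateable` restrictions, so principals created or modified by any `*/admin` principal or by `${boxconf_username}` are no longer capped at 1h/5m ticket life and may be made postdateable, leaving only the realm defaults in the KDC configuration as a bound; the commit message ("finish idm client stuff") does not say why, presumably the caps were too tight for the principals being provisioned, and a one-line comment in the file recording the reason would help the next reader. The automation principal also keeps `* *`, all permissions on every target; kadm5.acl lets the second column limit the operations and the third the target, so if boxconf only manages host/service principals a narrower entry such as `${boxconf_username}@${realm} acil host/*@${realm}` (constructed example) would match least privilege.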