|
|
fa9ab2 |
From 8f39d5ebcf18b9d987af5ad851fe1637ce1fce22 Mon Sep 17 00:00:00 2001
|
|
|
fa9ab2 |
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
|
fa9ab2 |
Date: Mon, 10 Jun 2019 10:53:15 +0200
|
|
|
fa9ab2 |
Subject: [PATCH] rhel8: remove ecryptfs support
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
---
|
|
|
fa9ab2 |
profiles/nis/README | 3 ---
|
|
|
fa9ab2 |
profiles/nis/fingerprint-auth | 1 -
|
|
|
fa9ab2 |
profiles/nis/password-auth | 1 -
|
|
|
fa9ab2 |
profiles/nis/postlogin | 4 ----
|
|
|
fa9ab2 |
profiles/nis/system-auth | 1 -
|
|
|
fa9ab2 |
profiles/sssd/README | 3 ---
|
|
|
fa9ab2 |
profiles/sssd/fingerprint-auth | 1 -
|
|
|
fa9ab2 |
profiles/sssd/password-auth | 1 -
|
|
|
fa9ab2 |
profiles/sssd/postlogin | 4 ----
|
|
|
fa9ab2 |
profiles/sssd/smartcard-auth | 1 -
|
|
|
fa9ab2 |
profiles/sssd/system-auth | 1 -
|
|
|
fa9ab2 |
profiles/winbind/README | 3 ---
|
|
|
fa9ab2 |
profiles/winbind/fingerprint-auth | 1 -
|
|
|
fa9ab2 |
profiles/winbind/password-auth | 1 -
|
|
|
fa9ab2 |
profiles/winbind/postlogin | 4 ----
|
|
|
fa9ab2 |
profiles/winbind/system-auth | 1 -
|
|
|
fa9ab2 |
src/compat/authcompat.py.in.in | 1 -
|
|
|
fa9ab2 |
src/compat/authcompat_Options.py | 2 +-
|
|
|
fa9ab2 |
src/man/authselect-migration.7.adoc | 5 ++---
|
|
|
fa9ab2 |
19 files changed, 3 insertions(+), 36 deletions(-)
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
diff --git a/profiles/nis/README b/profiles/nis/README
|
|
|
fa9ab2 |
index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb0778113238ef6633 100644
|
|
|
fa9ab2 |
--- a/profiles/nis/README
|
|
|
fa9ab2 |
+++ b/profiles/nis/README
|
|
|
fa9ab2 |
@@ -21,9 +21,6 @@ with-mkhomedir::
|
|
|
fa9ab2 |
Enable automatic creation of home directories for users on their
|
|
|
fa9ab2 |
first login.
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
-with-ecryptfs::
|
|
|
fa9ab2 |
- Enable automatic per-user ecryptfs.
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
with-fingerprint::
|
|
|
fa9ab2 |
Enable authentication with fingerprint reader through *pam_fprintd*.
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
|
|
|
fa9ab2 |
index 278487b2a0f9ce103afebb0809ffffa2cfbbba7e..8d6bc3fe8ada7305280503bfa350cd78723c988a 100644
|
|
|
fa9ab2 |
--- a/profiles/nis/fingerprint-auth
|
|
|
fa9ab2 |
+++ b/profiles/nis/fingerprint-auth
|
|
|
fa9ab2 |
@@ -16,7 +16,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
|
|
|
fa9ab2 |
index 2ce77fded674684987849b027debe2b17a7bac94..46786cc8c2c90a2be98d71684b9286c37ff5b678 100644
|
|
|
fa9ab2 |
--- a/profiles/nis/password-auth
|
|
|
fa9ab2 |
+++ b/profiles/nis/password-auth
|
|
|
fa9ab2 |
@@ -21,7 +21,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
|
|
|
fa9ab2 |
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
|
|
fa9ab2 |
--- a/profiles/nis/postlogin
|
|
|
fa9ab2 |
+++ b/profiles/nis/postlogin
|
|
|
fa9ab2 |
@@ -1,7 +1,3 @@
|
|
|
fa9ab2 |
-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
session optional pam_umask.so silent
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
|
|
fa9ab2 |
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
|
|
fa9ab2 |
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
|
|
|
fa9ab2 |
index d1f270a9e6f0ded1ff2d9c24fcd78c31e7a6debe..25148b060ecd0b52868386abf14ca5a9fd8fdfc3 100644
|
|
|
fa9ab2 |
--- a/profiles/nis/system-auth
|
|
|
fa9ab2 |
+++ b/profiles/nis/system-auth
|
|
|
fa9ab2 |
@@ -22,7 +22,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/README b/profiles/sssd/README
|
|
|
fa9ab2 |
index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c58a44f29 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/README
|
|
|
fa9ab2 |
+++ b/profiles/sssd/README
|
|
|
fa9ab2 |
@@ -40,9 +40,6 @@ with-mkhomedir::
|
|
|
fa9ab2 |
Enable automatic creation of home directories for users on their
|
|
|
fa9ab2 |
first login.
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
-with-ecryptfs::
|
|
|
fa9ab2 |
- Enable automatic per-user ecryptfs.
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
with-smartcard::
|
|
|
fa9ab2 |
Enable authentication with smartcards through SSSD. Please note that
|
|
|
fa9ab2 |
smartcard support must be also explicitly enabled within
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
|
|
|
fa9ab2 |
index 01b70f3533149d00700859f3e0a1c3f2abb33a8a..b9bbc63d96e1d982a54b537402fed5e2201ce533 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/fingerprint-auth
|
|
|
fa9ab2 |
+++ b/profiles/sssd/fingerprint-auth
|
|
|
fa9ab2 |
@@ -18,7 +18,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
|
|
|
fa9ab2 |
index c61630d5a71772c61cbdcce00bb5b64a83e87d8e..fe2e3a4bf68fb53e46af56577c9d67c7eabf2fff 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/password-auth
|
|
|
fa9ab2 |
+++ b/profiles/sssd/password-auth
|
|
|
fa9ab2 |
@@ -27,7 +27,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
|
|
|
fa9ab2 |
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/postlogin
|
|
|
fa9ab2 |
+++ b/profiles/sssd/postlogin
|
|
|
fa9ab2 |
@@ -1,7 +1,3 @@
|
|
|
fa9ab2 |
-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
session optional pam_umask.so silent
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
|
|
fa9ab2 |
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
|
|
|
fa9ab2 |
index a47f44389d89797b2404ce44a78c2bc8a936225d..a15a033f58b766074ccc6a271f146341ff62f2e4 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/smartcard-auth
|
|
|
fa9ab2 |
+++ b/profiles/sssd/smartcard-auth
|
|
|
fa9ab2 |
@@ -16,7 +16,6 @@ account required pam_permit.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
|
|
|
fa9ab2 |
index 0c53fc0c326a6ab9b9720c3c0de4f7377431f689..788c92ba27f9b0febdbe00f265bc75e754aca8df 100644
|
|
|
fa9ab2 |
--- a/profiles/sssd/system-auth
|
|
|
fa9ab2 |
+++ b/profiles/sssd/system-auth
|
|
|
fa9ab2 |
@@ -32,7 +32,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/winbind/README b/profiles/winbind/README
|
|
|
fa9ab2 |
index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9ee0a2fd72 100644
|
|
|
fa9ab2 |
--- a/profiles/winbind/README
|
|
|
fa9ab2 |
+++ b/profiles/winbind/README
|
|
|
fa9ab2 |
@@ -33,9 +33,6 @@ with-mkhomedir::
|
|
|
fa9ab2 |
Enable automatic creation of home directories for users on their
|
|
|
fa9ab2 |
first login.
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
-with-ecryptfs::
|
|
|
fa9ab2 |
- Enable automatic per-user ecryptfs.
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
with-fingerprint::
|
|
|
fa9ab2 |
Enable authentication with fingerprint reader through *pam_fprintd*.
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
|
|
|
fa9ab2 |
index 0beff74eba83f12c4ad5a6147a6194608cd047e3..cdc61a1e9ff2ff8d58b58a076f001933092d0a90 100644
|
|
|
fa9ab2 |
--- a/profiles/winbind/fingerprint-auth
|
|
|
fa9ab2 |
+++ b/profiles/winbind/fingerprint-auth
|
|
|
fa9ab2 |
@@ -17,7 +17,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
|
|
|
fa9ab2 |
index 455add4c0c6aa2fecc850dc2b315998c6b4c4fb5..d60fb34c1c9a4f49f68b5c036a72127996bff9be 100644
|
|
|
fa9ab2 |
--- a/profiles/winbind/password-auth
|
|
|
fa9ab2 |
+++ b/profiles/winbind/password-auth
|
|
|
fa9ab2 |
@@ -24,7 +24,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
|
|
|
fa9ab2 |
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
|
|
fa9ab2 |
--- a/profiles/winbind/postlogin
|
|
|
fa9ab2 |
+++ b/profiles/winbind/postlogin
|
|
|
fa9ab2 |
@@ -1,7 +1,3 @@
|
|
|
fa9ab2 |
-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-
|
|
|
fa9ab2 |
session optional pam_umask.so silent
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
|
|
fa9ab2 |
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
|
|
fa9ab2 |
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
|
|
|
fa9ab2 |
index 5b383f70df6f03f59c6ab3b1dd5686382745b978..c169d7f3b75893ba61d60e085ef86bb658debf5b 100644
|
|
|
fa9ab2 |
--- a/profiles/winbind/system-auth
|
|
|
fa9ab2 |
+++ b/profiles/winbind/system-auth
|
|
|
fa9ab2 |
@@ -25,7 +25,6 @@ password required pam_deny.so
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
session optional pam_keyinit.so revoke
|
|
|
fa9ab2 |
session required pam_limits.so
|
|
|
fa9ab2 |
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
|
|
fa9ab2 |
-session optional pam_systemd.so
|
|
|
fa9ab2 |
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
|
|
fa9ab2 |
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
fa9ab2 |
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
|
|
|
fa9ab2 |
index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755
|
|
|
fa9ab2 |
--- a/src/compat/authcompat.py.in.in
|
|
|
fa9ab2 |
+++ b/src/compat/authcompat.py.in.in
|
|
|
fa9ab2 |
@@ -520,7 +520,6 @@ class AuthCompat:
|
|
|
fa9ab2 |
'smartcard' : 'with-smartcard',
|
|
|
fa9ab2 |
'requiresmartcard' : 'with-smartcard-required',
|
|
|
fa9ab2 |
'fingerprint' : 'with-fingerprint',
|
|
|
fa9ab2 |
- 'ecryptfs' : 'with-ecryptfs',
|
|
|
fa9ab2 |
'mkhomedir' : 'with-mkhomedir',
|
|
|
fa9ab2 |
'faillock' : 'with-faillock',
|
|
|
fa9ab2 |
'pamaccess' : 'with-pamaccess',
|
|
|
fa9ab2 |
diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
|
|
|
fa9ab2 |
index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644
|
|
|
fa9ab2 |
--- a/src/compat/authcompat_Options.py
|
|
|
fa9ab2 |
+++ b/src/compat/authcompat_Options.py
|
|
|
fa9ab2 |
@@ -93,7 +93,6 @@ class Options:
|
|
|
fa9ab2 |
Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
|
|
|
fa9ab2 |
Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
|
|
|
fa9ab2 |
Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
|
|
|
fa9ab2 |
- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
|
|
|
fa9ab2 |
Option.Feature("krb5", _("Kerberos authentication by default")),
|
|
|
fa9ab2 |
Option.Valued ("krb5kdc", _("<server>"), _("default Kerberos KDC")),
|
|
|
fa9ab2 |
Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
|
|
|
fa9ab2 |
@@ -141,6 +140,7 @@ class Options:
|
|
|
fa9ab2 |
# layers and will produce warning when used. They will not affect
|
|
|
fa9ab2 |
# the system.
|
|
|
fa9ab2 |
Option.UnsupportedFeature("cache"),
|
|
|
fa9ab2 |
+ Option.UnsupportedFeature("ecryptfs"),
|
|
|
fa9ab2 |
Option.UnsupportedFeature("shadow"),
|
|
|
fa9ab2 |
Option.UnsupportedSwitch ("useshadow"),
|
|
|
fa9ab2 |
Option.UnsupportedFeature("md5"),
|
|
|
fa9ab2 |
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
|
|
|
fa9ab2 |
index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644
|
|
|
fa9ab2 |
--- a/src/man/authselect-migration.7.adoc
|
|
|
fa9ab2 |
+++ b/src/man/authselect-migration.7.adoc
|
|
|
fa9ab2 |
@@ -80,7 +80,6 @@ configuration file for required services.
|
|
|
fa9ab2 |
|*Authconfig options* |*Authselect profile feature*
|
|
|
fa9ab2 |
|--enablesmartcard |with-smartcard
|
|
|
fa9ab2 |
|--enablefingerprint |with-fingerprint
|
|
|
fa9ab2 |
-|--enableecryptfs |with-ecryptfs
|
|
|
fa9ab2 |
|--enablemkhomedir |with-mkhomedir
|
|
|
fa9ab2 |
|--enablefaillock |with-faillock
|
|
|
fa9ab2 |
|--enablepamaccess |with-pamaccess
|
|
|
fa9ab2 |
@@ -95,8 +94,8 @@ authselect select sssd with-faillock
|
|
|
fa9ab2 |
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
|
|
|
fa9ab2 |
authselect select sssd with-smartcard
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
-authconfig --enableecryptfs --enablepamaccess --updateall
|
|
|
fa9ab2 |
-authselect select sssd with-ecryptfs with-pamaccess
|
|
|
fa9ab2 |
+authconfig --enablepamaccess --updateall
|
|
|
fa9ab2 |
+authselect select sssd with-pamaccess
|
|
|
fa9ab2 |
|
|
|
fa9ab2 |
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
|
|
|
fa9ab2 |
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
|
|
|
fa9ab2 |
--
|
|
|
fa9ab2 |
2.20.1
|
|
|
fa9ab2 |
|