|
 |
fce3c4 |
From 0846ca08eb9e40125fe804d4886532980f9a0f6e Mon Sep 17 00:00:00 2001
|
|
|
fce3c4 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
fce3c4 |
Date: Mon, 23 Jul 2018 16:20:47 -0400
|
|
|
fce3c4 |
Subject: [PATCH 1/2] [krb5] Add more files to krb5 plugin
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Add files for KDC configuration and logging, including kadmin files
|
|
|
fce3c4 |
and a klist of the K/M stash.
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Gather any additional configuration snippet files in
|
|
|
fce3c4 |
/etc/krb5.conf.d (which is configured by default on Fedora- and
|
|
|
fce3c4 |
RHEL-like systems, and hopefully on Debian systems in the future).
|
|
|
fce3c4 |
The sssd plugin already takes care of
|
|
|
fce3c4 |
/var/lib/sss/pubconf/krb5.include.d/, so don't include that.
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Resolves: #1385
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
fce3c4 |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
fce3c4 |
---
|
|
|
fce3c4 |
sos/plugins/krb5.py | 26 ++++++++++++++++++++++----
|
|
|
fce3c4 |
1 file changed, 22 insertions(+), 4 deletions(-)
|
|
|
fce3c4 |
|
|
|
fce3c4 |
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
|
|
|
fce3c4 |
index 3764f4ef..04d8018c 100644
|
|
|
fce3c4 |
--- a/sos/plugins/krb5.py
|
|
|
fce3c4 |
+++ b/sos/plugins/krb5.py
|
|
|
fce3c4 |
@@ -1,4 +1,4 @@
|
|
|
fce3c4 |
-# Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
|
|
|
fce3c4 |
+# Copyright (C) 2013,2018 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
|
|
|
fce3c4 |
|
|
|
fce3c4 |
# This file is part of the sos project: https://github.com/sosreport/sos
|
|
|
fce3c4 |
#
|
|
|
fce3c4 |
@@ -8,19 +8,37 @@
|
|
|
fce3c4 |
#
|
|
|
fce3c4 |
# See the LICENSE file in the source distribution for further information.
|
|
|
fce3c4 |
|
|
|
fce3c4 |
-from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
|
|
|
fce3c4 |
+from sos.plugins import Plugin, RedHatPlugin
|
|
|
fce3c4 |
|
|
|
fce3c4 |
|
|
|
fce3c4 |
-class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
fce3c4 |
+class Krb5(Plugin):
|
|
|
fce3c4 |
"""Kerberos authentication
|
|
|
fce3c4 |
"""
|
|
|
fce3c4 |
plugin_name = 'krb5'
|
|
|
fce3c4 |
profiles = ('identity', 'system')
|
|
|
fce3c4 |
packages = ('krb5-libs', 'krb5-user')
|
|
|
fce3c4 |
|
|
|
fce3c4 |
+ # This is Debian's default, which is closest to upstream's
|
|
|
fce3c4 |
+ kdcdir = "/var/lib/krb5kdc"
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
def setup(self):
|
|
|
fce3c4 |
- self.add_copy_spec("/etc/krb5.conf")
|
|
|
fce3c4 |
+ self.add_copy_spec([
|
|
|
fce3c4 |
+ "/etc/krb5.conf",
|
|
|
fce3c4 |
+ "/etc/krb5.conf.d/*",
|
|
|
fce3c4 |
+ "%s/kadm5.acl" % self.kdcdir,
|
|
|
fce3c4 |
+ "%s/kdc.conf" % self.kdcdir,
|
|
|
fce3c4 |
+ "/var/log/krb5kdc.log",
|
|
|
fce3c4 |
+ "/var/log/kadmind.log"
|
|
|
fce3c4 |
+ ])
|
|
|
fce3c4 |
+ self.add_cmd_output("klist -ket %s/.k5*" % self.kdcdir)
|
|
|
fce3c4 |
self.add_cmd_output("klist -ket /etc/krb5.keytab")
|
|
|
fce3c4 |
|
|
|
fce3c4 |
|
|
|
fce3c4 |
+class RedHatKrb5(Krb5, RedHatPlugin):
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+ def setup(self):
|
|
|
fce3c4 |
+ self.kdcdir = "/var/kerberos/krb5kdc"
|
|
|
fce3c4 |
+ super(RedHatKrb5, self).setup()
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
# vim: set et ts=4 sw=4 :
|
|
|
fce3c4 |
--
|
|
|
fce3c4 |
2.17.1
|
|
|
fce3c4 |
|
|
|
fce3c4 |
|
|
|
fce3c4 |
From b30bf75847791d85d0e6e51a9b526b2bc93fc38e Mon Sep 17 00:00:00 2001
|
|
|
fce3c4 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
fce3c4 |
Date: Mon, 23 Jul 2018 16:53:02 -0400
|
|
|
fce3c4 |
Subject: [PATCH 2/2] [plugins] Add plugin for gssproxy
|
|
|
fce3c4 |
|
|
|
fce3c4 |
gssproxy stores its configuration in /etc/gssproxy. Also capture the
|
|
|
fce3c4 |
mech configuration so that we can tell if gssproxy is enabled and any
|
|
|
fce3c4 |
other GSS mechs in use.
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Resolves: #1386
|
|
|
fce3c4 |
|
|
|
fce3c4 |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
fce3c4 |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
fce3c4 |
---
|
|
|
fce3c4 |
sos/plugins/gssproxy.py | 28 ++++++++++++++++++++++++++++
|
|
|
fce3c4 |
1 file changed, 28 insertions(+)
|
|
|
fce3c4 |
create mode 100644 sos/plugins/gssproxy.py
|
|
|
fce3c4 |
|
|
|
fce3c4 |
diff --git a/sos/plugins/gssproxy.py b/sos/plugins/gssproxy.py
|
|
|
fce3c4 |
new file mode 100644
|
|
|
fce3c4 |
index 00000000..7fdde14d
|
|
|
fce3c4 |
--- /dev/null
|
|
|
fce3c4 |
+++ b/sos/plugins/gssproxy.py
|
|
|
fce3c4 |
@@ -0,0 +1,28 @@
|
|
|
fce3c4 |
+# Copyright (C) 2018 Red Hat, Inc., Robbie Harwood <rharwood@redhat.com>
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+# This file is part of the sos project: https://github.com/sosreport/sos
|
|
|
fce3c4 |
+#
|
|
|
fce3c4 |
+# This copyrighted material is made available to anyone wishing to use,
|
|
|
fce3c4 |
+# modify, copy, or redistribute it subject to the terms and conditions of
|
|
|
fce3c4 |
+# version 2 of the GNU General Public License.
|
|
|
fce3c4 |
+#
|
|
|
fce3c4 |
+# See the LICENSE file in the source distribution for further information.
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+class GSSProxy(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
fce3c4 |
+ """GSSAPI Proxy
|
|
|
fce3c4 |
+ """
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+ plugin_name = "gssproxy"
|
|
|
fce3c4 |
+ profiles = ('services', 'security', 'identity')
|
|
|
fce3c4 |
+ packages = ('gssproxy',)
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+ def setup(self):
|
|
|
fce3c4 |
+ self.add_copy_spec([
|
|
|
fce3c4 |
+ "/etc/gssproxy/*.conf",
|
|
|
fce3c4 |
+ "/etc/gss/mech.d/*"
|
|
|
fce3c4 |
+ ])
|
|
|
fce3c4 |
+
|
|
|
fce3c4 |
+# vim: set et ts=4 sw=4 :
|
|
|
fce3c4 |
--
|
|
|
fce3c4 |
2.17.1
|
|
|
fce3c4 |
|