From 0846ca08eb9e40125fe804d4886532980f9a0f6e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 23 Jul 2018 16:20:47 -0400
Subject: [PATCH 1/2] [krb5] Add more files to krb5 plugin
Add files for KDC configuration and logging, including kadmin files
and a klist of the K/M stash.
Gather any additional configuration snippet files in
/etc/krb5.conf.d (which is configured by default on Fedora- and
RHEL-like systems, and hopefully on Debian systems in the future).
The sssd plugin already takes care of
/var/lib/sss/pubconf/krb5.include.d/, so don't include that.
Resolves: #1385
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
---
sos/plugins/krb5.py | 26 ++++++++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
index 3764f4ef..04d8018c 100644
--- a/sos/plugins/krb5.py
+++ b/sos/plugins/krb5.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
+# Copyright (C) 2013,2018 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
# This file is part of the sos project: https://github.com/sosreport/sos
#
@@ -8,19 +8,37 @@
#
# See the LICENSE file in the source distribution for further information.
-from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
+from sos.plugins import Plugin, RedHatPlugin
-class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+class Krb5(Plugin):
"""Kerberos authentication
"""
plugin_name = 'krb5'
profiles = ('identity', 'system')
packages = ('krb5-libs', 'krb5-user')
+ # This is Debian's default, which is closest to upstream's
+ kdcdir = "/var/lib/krb5kdc"
+
def setup(self):
- self.add_copy_spec("/etc/krb5.conf")
+ self.add_copy_spec([
+ "/etc/krb5.conf",
+ "/etc/krb5.conf.d/*",
+ "%s/kadm5.acl" % self.kdcdir,
+ "%s/kdc.conf" % self.kdcdir,
+ "/var/log/krb5kdc.log",
+ "/var/log/kadmind.log"
+ ])
+ self.add_cmd_output("klist -ket %s/.k5*" % self.kdcdir)
self.add_cmd_output("klist -ket /etc/krb5.keytab")
+class RedHatKrb5(Krb5, RedHatPlugin):
+
+ def setup(self):
+ self.kdcdir = "/var/kerberos/krb5kdc"
+ super(RedHatKrb5, self).setup()
+
+
# vim: set et ts=4 sw=4 :
--
2.17.1
From b30bf75847791d85d0e6e51a9b526b2bc93fc38e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 23 Jul 2018 16:53:02 -0400
Subject: [PATCH 2/2] [plugins] Add plugin for gssproxy
gssproxy stores its configuration in /etc/gssproxy. Also capture the
mech configuration so that we can tell if gssproxy is enabled and any
other GSS mechs in use.
Resolves: #1386
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
---
sos/plugins/gssproxy.py | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 sos/plugins/gssproxy.py
diff --git a/sos/plugins/gssproxy.py b/sos/plugins/gssproxy.py
new file mode 100644
index 00000000..7fdde14d
--- /dev/null
+++ b/sos/plugins/gssproxy.py
@@ -0,0 +1,28 @@
+# Copyright (C) 2018 Red Hat, Inc., Robbie Harwood <rharwood@redhat.com>
+
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
+
+
+class GSSProxy(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+ """GSSAPI Proxy
+ """
+
+ plugin_name = "gssproxy"
+ profiles = ('services', 'security', 'identity')
+ packages = ('gssproxy',)
+
+ def setup(self):
+ self.add_copy_spec([
+ "/etc/gssproxy/*.conf",
+ "/etc/gss/mech.d/*"
+ ])
+
+# vim: set et ts=4 sw=4 :
--
2.17.1