From 53755ebe00bceb8c2af5820f09c219525336372e Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 20 Dec 2016 16:37:48 +0100
Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run
---
 .etckeeper | 1 +
 openldap/schema/openssh-lpk.schema | 19 +++++++++++++++++++
 ssh/sshd_config | 16 ++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 openldap/schema/openssh-lpk.schema
diff --git a/.etckeeper b/.etckeeper
index c75823c..a8e8396 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -401,6 +401,7 @@ maybe chmod 0444 'openldap/schema/nis.ldif'
 maybe chmod 0444 'openldap/schema/nis.schema'
 maybe chmod 0444 'openldap/schema/openldap.ldif'
 maybe chmod 0444 'openldap/schema/openldap.schema'
+maybe chmod 0644 'openldap/schema/openssh-lpk.schema'
 maybe chmod 0444 'openldap/schema/pmi.ldif'
 maybe chmod 0444 'openldap/schema/pmi.schema'
 maybe chmod 0444 'openldap/schema/ppolicy.ldif'
diff --git a/openldap/schema/openssh-lpk.schema b/openldap/schema/openssh-lpk.schema
new file mode 100644
index 0000000..5f5512a
--- /dev/null
+++ b/openldap/schema/openssh-lpk.schema
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
diff --git a/ssh/sshd_config b/ssh/sshd_config
index 2f728d2..4251be2 100644
--- a/ssh/sshd_config
+++ b/ssh/sshd_config
@@ -121,6 +121,22 @@ PrintLastLog no
 # no default banner path
 #Banner none
+# here are the new patched ldap related tokens
+# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
+#UseLPK yes
+#LpkLdapConf /etc/ldap.conf
+#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
+#LpkUserDN ou=users,dc=phear,dc=org
+#LpkGroupDN ou=groups,dc=phear,dc=org
+#LpkBindDN cn=Manager,dc=phear,dc=org
+#LpkBindPw secret
+#LpkServerGroup mail
+#LpkFilter (hostAccess=master.phear.org)
+#LpkForceTLS no
+#LpkSearchTimelimit 3
+#LpkBindTimelimit 3
+#LpkPubKeyAttr sshPublicKey
+
 # override default of no subsystems
 Subsystem sftp /usr/lib64/misc/sftp-server
-- 
2.39.5
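Review bot: The commented template pairs `#LpkBindDN cn=Manager,dc=phear,dc=org` with `#LpkBindPw secret` in a file the index line records as mode 100644, so uncommenting the block as written would put a directory manager password in a world-readable sshd_config. The template also shows `#LpkForceTLS no` with plain `ldap://` servers, which would send the bind and the key lookup in clear text; because the returned `sshPublicKey` values decide who may log in, tampering in transit would matter as much as disclosure. All sixteen added lines are comments, so nothing is active in this hunk, but whether `UseLPK` is set elsewhere in the file is not visible here. I would change the example to `#LpkForceTLS yes` and add a line such as `# use a dedicated read-only bind DN and keep this file 0600 if LpkBindPw is set` above `#LpkBindDN`.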