From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Kolya Grechukh Organization: Refractory Trading House To: community@altlinux.ru Date: Tue, 16 Dec 2003 18:33:03 +0200 User-Agent: KMail/1.5 MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary="Boundary-00=_/Oz3/x9FBQ1ENSg" Message-Id: <200312161833.03178.ngrechukh@ua.fm> Subject: [Comm] winbind (maybe again) X-BeenThere: community@altlinux.ru X-Mailman-Version: 2.1.3 Precedence: list Reply-To: community@altlinux.ru List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2003 16:33:12 -0000 Archived-At: List-Archive: List-Post: --Boundary-00=_/Oz3/x9FBQ1ENSg Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: base64 Content-Disposition: inline 7/vy4P7x/CDt4PHy8O7o8vwg4vXu5CDv7uQg8/fl8u3u6SDn4O/o8fz+IG50IOTu7OXt4C4K5ODt 7joKd2luMjAwMHNlcnZlciAo4OTs6O3x6uj1IO/w4OIg7eXyLCDoIO3lIO/u7eDk7uHo6+jx/CkK bWFzdGVyMi4yCnBhbS1jb25maWctMS4xLjMtYWx0MQpzYW1iYTMtMy4wLWFsdDQ2LjFtIChzaHJl ayfu4vHq7ukg8eHu8OroKQpwYW0tMC43NS1hbHQxOAoK8eDs4eAg6uDqIPLg6u7i4P8g8+blIO3g 8fLw7uXt4C4g4iAvZXRjL25zc3dpdGNoLmNvbmYg5O7v6PH74uD+IPHr7uLuIHdpbmJpbmQuCnBh c3N3ZDogICAgIGZpbGVzIHdpbmJpbmQgbmlzcGx1cyBuaXMKc2hhZG93OiAgICAgd2luYmluZCAg dGNiIGZpbGVzIG5pc3BsdXMgbmlzCmdyb3VwOiAgICAgIGZpbGVzIHdpbmJpbmQgbmlzcGx1cyBu aXMKCvDg8eru7OXt8ujw7uLg6yB0ZW1wbGF0ZSBzaGVsbC4KCuLq6/734P4g4iDk7uzl7SDv8/Ll 7CAKW2tvbHlhQGducyBrb2x5YV0kIHN1ZG8gbmV0IGpvaW4gLVUgR05TLgpba29seWFAZ25zIGtv bHlhXSQgc3VkbyBzZXJ2aWNlIHdpbmJpbmQgc3RhcnQKW2tvbHlhQGducyBrb2x5YV0kIHN1ZG8g d2JpbmZvIC1wCi4uLuXx8vwuCltrb2x5YUBnbnMga29seWFdJCBzdWRvIHdiaW5mbyAtdAouLi7l 8fL8Lgpba29seWFAZ25zIGtvbHlhXSQgc3VkbyB3YmluZm8gLS1zZXQtYXV0aC11c2VyCltrb2x5 YUBnbnMga29seWFdJCBzdWRvIHdiaW5mbyAtdSAK4vHlIPDg4e7y4OXyLgoK5+Dv4PDgIOL7+Ovg IPEg7eDx8vDu6eru6SBwYW1fd2luYmluZC4gL21lIPLg6iDoIO3lIO/u7f/rIOrg6iDq7vjl8O3u IOIgCu/u7f/y6P/1IODr/PLgIOLq6/736PL8IHBhbV93aW5iaW5kLgry4Oog6CDt5SDz5ODr7vH8 IOL75+Lg8vwgd2luYmluZCDt4O/w/+zz/iDo5yBzeXN0ZW0tYXV0aCAo8uDqIPfy7uH7IO7tIArv 8O7i5fD/6/H/IOTr/yDi8eX1IPHl8OLo8e7iKS4g8e7u8uLl8vHy4uXt7e4sIOL75+7iIHdpbmJp bmQg7/Do5OXy8f8gCufg5ODi4PL8IOTr/yDq4Obk7uPuIPHl8OLo8eAg7vLk5ev87e4uCgriIO7h +eXsLCDv8/Ll7CDk6+jy5ev87fv1IP3q8e/l8Ojs5e3y7uIsIO/u6/P36Osg8evl5PP++eXlOgri IHBhbS5kL2xvZ2luCmF1dGggICAgcmVxdWlyZWQgICAgICAgIC9saWIvc2VjdXJpdHkvcGFtX3N0 YWNrLnNvIHNlcnZpY2U9c3lzdGVtLWF1dGgtd2luYmluZAphY2NvdW50ICAgIHJlcXVpcmVkICAg L2xpYi9zZWN1cml0eS9wYW1fc3RhY2suc28gc2VydmljZT1zeXN0ZW0tYXV0aC13aW5iaW5kCnBh c3N3b3JkICAgIHJlcXVpcmVkICAgL2xpYi9zZWN1cml0eS9wYW1fc3RhY2suc28gc2VydmljZT1z eXN0ZW0tYXV0aC13aW5iaW5kCnNlc3Npb24gIHJlcXVpcmVkICAgIC9saWIvc2VjdXJpdHkvcGFt X3N0YWNrLnNvIHNlcnZpY2U9c3lzdGVtLWF1dGgtd2luYmluZAoo4uzl8fLuIHN5c3RlbS1hdXRo KS4KCu3uIO/u8evlIP3y7uPuIPHr5eTz/vno6SDh4OM6Cgrr7uPo7f7x/CDv7uQg6Ozl7eXsIFRE T1xHTlMg8SDv4PDu6+XsIOTu7OXt4C4KRGVjIDE2IDE4OjA2OjQ0IGducyBsb2dpbjogUEFNIHBh bV9wYXJzZTogZXhwZWN0aW5nIHJldHVybiB2YWx1ZTsgWy4uLmluY2x1ZGVdCkRlYyAxNiAxODow Njo0NCBnbnMgbG9naW46IFBBTSB1bmFibGUgdG8gCmRsb3BlbigvbGliL3NlY3VyaXR5L3N5c3Rl bS1hdXRoLXVzZV9maXJzdF9wYXNzKQpEZWMgMTYgMTg6MDY6NDQgZ25zIGxvZ2luOiBQQU0gW2Rs ZXJyb3I6IAovbGliL3NlY3VyaXR5L3N5c3RlbS1hdXRoLXVzZV9maXJzdF9wYXNzOiBjYW5ub3Qg b3BlbiBzaGFyZWQgb2JqZWN0IGZpbGU6IE5vIApzdWNoIGZpbGUgb3IgZGlyZWN0b3J5XQpEZWMg MTYgMTg6MDY6NDQgZ25zIGxvZ2luOiBQQU0gYWRkaW5nIGZhdWx0eSBtb2R1bGU6IAovbGliL3Nl Y3VyaXR5L3N5c3RlbS1hdXRoLXVzZV9maXJzdF9wYXNzCkRlYyAxNiAxODowNjo0NCBnbnMgbG9n aW46IFBBTSBwYW1fcGFyc2U6IGV4cGVjdGluZyByZXR1cm4gdmFsdWU7IFsuLi5pbmNsdWRlXQpE ZWMgMTYgMTg6MDY6NDQgZ25zIGxvZ2luOiBQQU0gdW5hYmxlIHRvIGRsb3BlbigvbGliL3NlY3Vy aXR5L3N5c3RlbS1hdXRoKQpEZWMgMTYgMTg6MDY6NDQgZ25zIGxvZ2luOiBQQU0gW2RsZXJyb3I6 IC9saWIvc2VjdXJpdHkvc3lzdGVtLWF1dGg6IGNhbm5vdCAKb3BlbiBzaGFyZWQgb2JqZWN0IGZp bGU6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnldCkRlYyAxNiAxODowNjo0NCBnbnMgbG9naW46 IFBBTSBhZGRpbmcgZmF1bHR5IG1vZHVsZTogL2xpYi9zZWN1cml0eS9zeXN0ZW0tYXV0aApEZWMg MTYgMTg6MDY6NDQgZ25zIGxvZ2luOiBQQU0gcGFtX3BhcnNlOiBleHBlY3RpbmcgcmV0dXJuIHZh bHVlOyBbLi4uaW5jbHVkZV0KRGVjIDE2IDE4OjA2OjQ0IGducyBsb2dpbjogUEFNIHBhbV9wYXJz ZTogZXhwZWN0aW5nIHJldHVybiB2YWx1ZTsgWy4uLmluY2x1ZGVdCkRlYyAxNiAxODowNjo0NiBn bnMgcGFtX3dpbmJpbmRbMjEyNjNdOiB1c2VyICdURE9cR05TJyBncmFudGVkIGFjY2VzCkRlYyAx NiAxODowNjo0NiBnbnMgcGFtX3dpbmJpbmRbMjEyNjNdOiB1c2VyICdURE9cR05TJyBncmFudGVk IGFjY2VzCkRlYyAxNiAxODowNjo0NiBnbnMgbG9naW5bMjEyNjNdOiB1bmFibGUgdG8gb3BlbiBz ZXNzaW9uOiBNb2R1bGUgaXMgdW5rbm93bgpEZWMgMTYgMTg6MDY6NDYgZ25zIGxvZ2luWzIxMjYz XTogcGFtX29wZW5fc2Vzc2lvbjogdW5hYmxlIHRvIG9wZW4gc2Vzc2lvbgoK4ujn8+Dr/O3uIP3y 7iDi++Pr/+To8iDq4Oog6+7j6O0g7/Du+OXrLCD38u4t8u4g4fvx8vDuIOzl6/zq7fPr7iDoIO7v //L8IArv8Ojj6+D45e3o/iDqIOLi7uTzIOvu4+jt4C4g4iDx6PHy5ezzIO3lIOfg9e7k6PIuIO3l IOHz5PMg7u/o8fvi4PL8IOTu6+Po6SAgCu/u6PHqIPDl+OXt6P8sIPHq4ObzIPDl5/Pr/PLg8i4g 9/Lu4fsg4vHlIPDg4e7y4OvuLCDt8+bt7iDl+eUgCufg6u7s7OXt8ujw7uLg8vwg8evl5PP++ejl IPHy8O736ugg4iBzeXN0ZW0tYXV0aC13aW5iaW5kOgoKYXV0aCAgICAgaW5jbHVkZSAgICAgIHN5 c3RlbS1hdXRoLXVzZV9maXJzdF9wYXNzCmFjY291bnQgICAgICAgIGluY2x1ZGUgICAgICAgIHN5 c3RlbS1hdXRoCnBhc3N3b3JkIGluY2x1ZGUgICAgICBzeXN0ZW0tYXV0aC11c2VfZmlyc3RfcGFz cwpzZXNzaW9uICBpbmNsdWRlICAgICAgc3lzdGVtLWF1dGgKCv3y7uPuIOTu8fLg8u737e4gKO/w 7uLl8OXt7iDt4CDy5fHy7uLu6SDs4Pjo7eUg8SD36PHy++wg7ODx8uXw7uwgKyDy4CDm5SAK8eDs 4eAuKSDr7uPo7SDiIOru7fHu6+gg8ODh7vLg5fIsIOgg5O7s4Pjt//8g7+Dv6uAg8e7n5ODt4C4K 8ODh7vLg5fIt8u4g4vHlIPDg4e7y4OXyLCDt7iDv8ODi6Ov87fvpIOvoIP3y7iDv8/L8PyDoIO/u 9+Xs8yAKc3lzdGVtLWF1dGgtd2luYmluZCDj6/737fvpLCD98u4g4eDjIOjr6CD06PfgPyDq7vDw 5ery7fsg6+gg7O7oIAro8e/w4OLr5e3o/yzt5SDx6+7s4Osg6+gg/yD35ePuLiDsLuEg8evl5PPl 8iDiIHN5c3RlbS1hdXRoLXdpbmJpbmQg7eDv6PHg8vwgCvHx++vq8yDt4CBzeXN0ZW0tYXV0aCDi 7OXx8u4gaW5jbHVkZSAg4iDi6OTlIHN1ZmZpY2llbnQgcGFtX3N0YWNrIApzZXJ2aWNlPXN5c3Rl bS1hdXRoPyAKCmJ0dzog5Ov/IO/w6Ozl7eXt6P8g4PPy5e3y6PTo6uD26Oggd2luYmluZCDqIOTw 8+Po7CDx5fDi6PHg7Cwg4iDo9SBwYW0g8u7m5SAK7/Do5OXy8f8g7/Du7+jx++Lg8vwgc3lzdGVt LWF1dGgtd2luYmluZD8/CgriIODy8uD35SDq7u306OPoIMTOIOjn7OXt5e3o6S4g6CDi++Lu5CBk aWZmLgoKLS0tLS0tLS0KTmljayBTLiBHcmVjaHVraAprb2x5YWdAbWFpbC5ydQpSZWZyYWN0b3J5 IFRyYWRpbmcgSG91c2UsIG5ldHdvcmsgYWRtaW5pc3RyYXRvci4K --Boundary-00=_/Oz3/x9FBQ1ENSg Content-Type: text/plain; charset="windows-1251"; name="login" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="login" #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so auth optional /lib/security/pam_mail.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_lastlog.so nowtmp session optional /lib/security/pam_motd.so session optional /lib/security/pam_console.so --Boundary-00=_/Oz3/x9FBQ1ENSg Content-Type: text/plain; charset="windows-1251"; name="system-auth" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="system-auth" #%PAM-1.0 auth required /lib/security/pam_tcb.so shadow fork prefix=$2a$ count=8 nullok account required /lib/security/pam_tcb.so shadow fork password required /lib/security/pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3 password required /lib/security/pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb session required /lib/security/pam_tcb.so session required /lib/security/pam_limits.so --Boundary-00=_/Oz3/x9FBQ1ENSg Content-Type: text/plain; charset="windows-1251"; name="system-auth-winbind" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="system-auth-winbind" #%PAM-1.0 auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_winbind.so auth include system-auth-use_first_pass account sufficient pam_winbind.so account include system-auth password sufficient pam_winbind.so password include system-auth-use_first_pass # We use pam_mkhomedir to create home dirs for incoming domain users # Note used umask, it will result in rwxr-x--x access rights session required pam_mkhomedir.so skel=/etc/skel.ru_RU.CP1251/ umask=0026 session include system-auth --Boundary-00=_/Oz3/x9FBQ1ENSg Content-Type: text/x-diff; charset="windows-1251"; name="patch_pam-for-winbind" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch_pam-for-winbind" --- login 2003-12-16 18:13:30 +0200 +++ ../new/login 2003-12-16 18:17:07 +0200 @@ -1,11 +1,11 @@ #%PAM-1.0 auth required /lib/security/pam_securetty.so -auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_stack.so service=system-auth-winbind auth required /lib/security/pam_nologin.so auth optional /lib/security/pam_mail.so -account required /lib/security/pam_stack.so service=system-auth -password required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_stack.so service=system-auth +account required /lib/security/pam_stack.so service=system-auth-winbind +password required /lib/security/pam_stack.so service=system-auth-winbind +session required /lib/security/pam_stack.so service=system-auth-winbind session optional /lib/security/pam_lastlog.so nowtmp session optional /lib/security/pam_motd.so session optional /lib/security/pam_console.so --- system-auth-winbind 2003-12-16 18:13:10 +0200 +++ ../new/system-auth-winbind 2003-12-16 18:21:08 +0200 @@ -2,12 +2,12 @@ auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_winbind.so -auth include system-auth-use_first_pass +#auth include system-auth-use_first_pass account sufficient pam_winbind.so -account include system-auth +#account include system-auth password sufficient pam_winbind.so -password include system-auth-use_first_pass +#password include system-auth-use_first_pass # We use pam_mkhomedir to create home dirs for incoming domain users # Note used umask, it will result in rwxr-x--x access rights session required pam_mkhomedir.so skel=/etc/skel.ru_RU.CP1251/ umask=0026 -session include system-auth +#session include system-auth --Boundary-00=_/Oz3/x9FBQ1ENSg--