forked from robinrosenberger/realmd-arch-helper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
realmd-arch-helper.sh
57 lines (53 loc) · 2.1 KB
/
realmd-arch-helper.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/bin/bash
case $1 in
--patch-config)
unset patched
grep realmd-arch-helper.sh /usr/lib/realmd/realmd-distro.conf > /dev/null && patched=1
[ $patched ] && echo Realmd-config already patched && exit 0
cp $0 /usr/local/sbin/
sed -i '/commands/a sssd-enable-logins = /usr/local/sbin/realmd-arch-helper.sh --enable-pam-nss' /usr/lib/realmd/realmd-distro.conf
sed -i '/commands/a sssd-disable-logins = /usr/local/sbin/realmd-arch-helper.sh --disable-pam-nss' /usr/lib/realmd/realmd-distro.conf
sed -i '/commands/a sssd-enable-service = /usr/bin/systemctl enable sssd' /usr/lib/realmd/realmd-distro.conf
sed -i '/commands/a sssd-disable-service = /usr/bin/systemctl disable sssd' /usr/lib/realmd/realmd-distro.conf
echo Patched realmd-config, restarting sssd
/usr/bin/systemctl restart sssd
;;
--enable-pam-nss)
cat << EOF > /etc/pam.d/sssd-arch
auth sufficient pam_sss.so forward_pass
password sufficient pam_sss.so use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional pam_sss.so
EOF
unset pam
grep sssd-arch /etc/pam.d/system-auth > /dev/null && pam=1
[ $pam ] && echo "SSSD for PAM already enabled"
[ ! $pam ] && sed -i '2 i session include sssd-arch' /etc/pam.d/system-auth
[ ! $pam ] && sed -i '2 i password include sssd-arch' /etc/pam.d/system-auth
[ ! $pam ] && sed -i '2 i auth include sssd-arch' /etc/pam.d/system-auth
grep sssd-arch /etc/pam.d/system-auth > /dev/null && pam=1
[ $pam ] && echo Enabled SSSD in PAM
unset nss
grep sss /etc/nsswitch.conf > /dev/null && nss=1
[ $nss ] && echo SSSD already enabled in NSS
[ ! $nss ] && sed -i '/passwd:/s/$/ sss/' /etc/nsswitch.conf
[ ! $nss ] && sed -i '/group:/s/$/ sss/' /etc/nsswitch.conf
[ ! $nss ] && sed -i '/shadow:/s/$/ sss/' /etc/nsswitch.conf
grep sss /etc/nsswitch.conf > /dev/null && nss=1
[ $nss ] && echo Enabled SSSD in NSS
;;
--disable-pam-nss)
sed -i '/sssd-arch/d' /etc/pam.d/system-auth
sed -i 's/sss//g' /etc/nsswitch.conf
;;
*)
cat << EOF
Script to prepare realmd and realmd-git AUR packages to succesfully join a domain.
Run with --patch-config before joining
Valid options:
--patch-config
--enable-pam-nss
--disable-pam-nss
EOF
;;
esac