ACC SHELL

Path : /usr/share/YaST2/modules/
File Upload :
Current File : //usr/share/YaST2/modules/Kerberos.ybc

YaST bytecode 1.4.0Kerberos;Kerberos.ycp	FileUtilsHostnameLabelModePackagePamProgressReport	Service
StageSummaryrequired_packages	

write_onlyuse_pam_krbpam_unix_present
default_realm	default_domain	dns_default_realm	dns_kdc	kdc	admin_server	trusted_servers		clockskew	pam_modifiedssh_modifiedmodifiedticket_lifetime	renew_lifetime	forwardable		proxiable	retain_after_close	 ssh_support!minimum_uid	"	use_shmem	#mappings	$ignore_unknown%ssh_section	&packages	'
dns_available(dns_used)ExpertSettings	*OrigExpertSettings	+Modified,Import-Export.ReadKrb5ConfValues		/ReadKrb5ConfValue		0ReadFile		1WriteKrb5ConfValues	2WriteKrb5ConfValuesAsString	3WriteKrb5ConfValue	4	WriteFile	5Read6Write7Summary8ShortSummary	9AutoPackages:ValidateTimeEntries		+"

$'-.0148:<=>ABCDF  G!!H""K##L$$O&&U''X(([))`++i,,tsettings--..
path_to_value	def_value	//
path_to_value	def_value	00
path_to_value	def_value	11
path_to_valuevalues	22
path_to_valuevalues	33
path_to_valuevalue	44
path_to_valuevalue	5566778899::key	val	<3SCRReadWriteDir	ExecuteUnmountAgent0kerberos3	FileUtilsExists	3HostnameCurrentHostname	
CurrentDomain	3Label3Modetest3PackageDoInstallAndRemove			Available		Installed	3PamRemove	Enabled	Query	Add	3ProgressNew					NextStage3ReportError	3Service3Stagecont3Summary
NotConfigured		AddHeader			AddLine			$"	pam_krb5krb5krb5-client$$
$'$*$-$.$0$1$4$5$8$:300$<$=$>$A1d$B1d$Ctrue$Dfalse$Ffalse$G $H!1$K"sshd$L#$O$$R%*$U&	$X'$[($`)
$c*
%i+,j	
y2debug	
modified=%1-k||||%t,client&u
	pam_loginuse_kerberos$v
kerberos_client
&x	default_domain&y	
default_realm&z	
kdc_server&{		clockskew&| ssh_support&}$ignore_unknown$&~	ticket_lifetime1d&	renew_lifetime1d&!	minimum_uid!&forwardabletruefalse&	proxiabletruefalse&"		use_shmem"&#	mappings&	trusted_servers&)ExpertSettings
(&&!haskey)	use_shmemhaskey	use_shmem')	use_shmem"&&&-%-
export_map$
	pam_loginuse_kerberoskerberos_clientdefault_domain
default_realm
kdc_server	clockskewssh_support ignore_unknown$ticket_lifetimerenew_lifetimeminimum_uid!forwardabletrue	proxiabletrueExpertSettings)(#'
kerberos_clientmappings#('
kerberos_clienttrusted_servers-
%.value	$		SCR::Read
(&
-%/vals$.

-	
%0,	
	y2warning	
;This function is deprecated, use ReadKrb5ConfValue instead.-/

%1(||

	-
SCR::Write
-
SCR::Write

%2-1
			filterval				splitstring			
 	%3(||

-
SCR::Write
-1

%4,	
	y2warning	
<This function is deprecated, use WriteKrb5ConfValue instead.-3

%5	pam_queryhostname	$

krb5&size
(&$contains
account	ignore_unknown_principals(/etc/krb5.conf4pam_p,	
y2debug	
krb5.conf sections: %1	SCR::Dir	.etc.krb5_conf.s&/*.etc.krb5_conf.v.libdefaults.default_realm&/&.etc.krb5_conf.v.libdefaults.clockskew300(	size	4realm$	add	.etc.krb5_conf.v&			mergestring			.	add	kdc &			mergestring			.	add	admin_server & /	add	default_domain("&#$%.etc.krb5_conf.v.pam&&/	add	ticket_lifetime1d&'/	add	renew_lifetime1d&(/	add	forwardabletrue&)/	add		proxiablefalse&*!/	add	minimum_uid1,,		foreachkey		keytab
ccache_dirccname_templatemappingsexisting_ticketexternalvalidate	use_shmemaddresslessdebugdebug_sensitiveinitial_promptsubsequent_promptbannerval	$1/	add	(2'3)(5!haskey)	use_shmem'6)	use_shmemsshd&7"	)	use_shmemsshd(8!haskey)external'9)externalsshd&;*)&=/'.etc.krb5_conf.v.pkinit.trusted_servers,@SCR::Execute.target.bash		
sformat		
/usr/bin/touch /etc/krb5.conf(C4D&E(G&&4Hout$ISCR::Execute.target.bash_output
domainname(Jexit&K			deletechars				stdout
(P&&&&/usr/bin/dig!4Rout$SSCR::Execute.target.bash_output		
sformat		
dig TXT _kerberos.%1 +short&T			deletechars				stdout
"(U4Vsplit&WSCR::Execute.target.bash_output		
sformat		
 dig SRV _kerberos._udp.%1 +short$X			splitstring						deletechars				stdout
 &Y	(Z&&			substring		-	size	.&\			substring		-	size	(]&^'(a&&||!contains	SCR::Dir	.etc.krb5_conf.sdomain_realm	SCR::Dir	.etc.krb5_conf.v.domain_realm	4d&e(&f&g,h	
y2milestone	
!kdc by DNS %1, default_domain: %2,j	
y2milestone	
DNS is used for Kerberos data(o&&||||MY.REALMEXAMPLE.COM4r&s		toupper		(u&&||||MY.COMPUTERkerberos.example.com/usr/bin/ypwhich4wout$xSCR::Execute.target.bash_output/usr/bin/ypwhich&y			deletechars				stdout
({&&||||MY.COMPUTERkerberos.example.com
/usr/bin/host4}proposed	m$~+			kdc.$SCR::Execute.target.bash_output		
sformat		
+LANG=C /usr/bin/host %1 | /bin/grep address(exit&,	
y2milestone	
no kdc defined, proposing: %1,	
y2debug	
ssh_config sections: %1	SCR::Dir	.etc.ssh.ssh_config.s$
& ,		foreachsec		SCR::Dir	.etc.ssh.ssh_config.scont( -$	SCR::Dir		add	.etc.ssh.ssh_config.v,	
y2debug	
section %1 contains: %2(&&||*
&&containsGSSAPIAuthenticationcontainsGSSAPIDelegateCredentials4& &&	SCR::Read	add		add	.etc.ssh.ssh_config.vGSSAPIAuthenticationyes	SCR::Read	add		add	.etc.ssh.ssh_config.vGSSAPIDelegateCredentialsyes&%( & -%6
pam_installedretcaption		no_stagesstages	steps$
$
$
$Saving Kerberos Client Configurationkerberos$
$
Write PAM settingskerberosWrite Kerberos client settingskerberosWrite OpenSSH settingskerberos$
Writing PAM settings...kerberos#Writing Kerberos client settings...kerberosWriting OpenSSH settings...kerberosFinishedkerberos(&	4&
			prepend
Install required packageskerberos&
prepend
Installing required packages...kerberos&
+
,
 


(&	4
to_install	,	
y2debug	
packages to install: %1&,$	,		foreachp	&(&			add,	&&	,(||
4(4,krb5(ldap,ldap-account_only($,krb5-ignore_unknown_principals,krb5-ignore_unknown_principals4(ldap-account_only,ldap,krb5,(&&!(4,3*.etc.krb5_conf.v.libdefaults.default_realm(4domain	$(		findfirstof		.&+			.,3	add	.etc.krb5_conf.v.domain_realm,3&.etc.krb5_conf.v.libdefaults.clockskew(
		contains	SCR::Dir	.etc.krb5_conf.s4,2	add		add	.etc.krb5_conf.vkdc(&&,3	add		add	.etc.krb5_conf.vdefault_domain(,2	add		add	.etc.krb5_conf.vadmin_server(4,
SCR::Write	add	.etc.krb5_conf.st.realms	,2	add		add	.etc.krb5_conf.v.realmskdc( &&,!3	add		add	.etc.krb5_conf.v.realmsdefault_domain(#,$2	add		add	.etc.krb5_conf.v.realmsadmin_server((4)pam_sect(0(41,2	
y2milestone	
3DNS set to use: removing domain info from krb5.conf,33.etc.krb5_conf.s.domain_realm,43	add	.etc.krb5_conf.s,63*.etc.krb5_conf.v.libdefaults.default_realm$;.etc.krb5_conf.v.pam(<!		contains	SCR::Dir	.etc.krb5_conf.spam4=,?
SCR::Write!.etc.krb5_conf.st.appdefaults.pam	&@ .etc.krb5_conf.v.appdefaults.pam,C3	add	ticket_lifetime,D3	add	renew_lifetime,E3	add	forwardable,F3	add		proxiable,G3	add	minimum_uid!,I		foreachkey	value)pth$J	add	(K4L,M3truefalse-N(Q,R3	(T	*,U3(X&&krb5-plugin-preauth-pkinit-nss4Zpkinit_sect$[.etc.krb5_conf.v.pkinit(\!		contains	SCR::Dir	.etc.krb5_conf.spkinit4],^
SCR::Write$.etc.krb5_conf.st.appdefaults.pkinit	&_#.etc.krb5_conf.v.appdefaults.pkinit,a3	add	trusted_servers(c/etc/pam_pkcs11/pam_pkcs11.conf4d,e
SCR::Write	add		add	!.etc.pam_pkcs11_conf.v.pam_pkcs11	mapper ms
domainname,f
SCR::Write	add		add	!.etc.pam_pkcs11_conf.v.pam_pkcs11	mapper msdomainnickname,g
SCR::Write.etc.pam_pkcs11_conf,l
SCR::Write.etc.krb5_conf,pSCR::UnmountAgent.etc.krb5_conf,t(v4wwrite	$x yesno,y
SCR::Write	add		add	.etc.ssh.ssh_config.v%GSSAPIAuthentication,{
SCR::Write	add		add	.etc.ssh.ssh_config.v%GSSAPIDelegateCredentials,}
SCR::Write.etc.ssh.ssh_config,~	
y2milestone	
/etc/ssh/ssh_config modified,-
%7summary	nc	
$
$
&

	PAM Loginkerberos&

Use KerberoskerberosDo Not Use Kerberoskerberos&


Default Realmkerberos&


&

Default Domainkerberos&


&

KDC Server Addresskerberos&


&


Clock Skewkerberos&


-
	%8summary	nc	$
$
&
+			+			+					
sformat		
<b>KDC Server</b>: %1<br>kerberos
		
sformat		
<b>Default Domain</b>: %1<br>kerberos
		
sformat		
<b>Default Realm</b>: %1<br>kerberos
		
sformat		
*<b>Kerberos Authentication Enabled</b>: %1kerberosYeskerberosNokerberos((&
+			+			
<br>Configuration Acquired via DNSkerberos-
%9-installremove	%:(&&!		regexpmatch		
^([0-9]+)[dmh]$!		regexpmatch		

^([0-9]+)$4(
	clockskew,	"Clock skew is invalid.
Try again.
kerberos,	Lifetime is invalid.
Try again.kerberos--

ACC SHELL 2018