История изменений

install_SSSD() {
	. /etc/univention/ucr_master

	DEBIAN_FRONTEND=noninteractive apt-get -y  install sssd libnss-sss libpam-sss libsss-sudo 
	DEBIAN_FRONTEND=noninteractive apt-get -y  install auth-client-config 

	cp ./includes/configs/sss /etc/auth-client-config/profile.d/sss
	auth-client-config -a -p sss

	cp ./includes/configs/ucs_mkhomedir /usr/share/pam-configs/ucs_mkhomedir
	echo '*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,plugdev,adm' >>/etc/security/group.conf
	cp ./includes/configs/local_groups /usr/share/pam-configs/local_groups

	DEBIAN_FRONTEND=noninteractive pam-auth-update --force

}

[sss]
nss_passwd=   passwd:   compat sss
nss_group=    group:    compat sss
nss_shadow=   shadow:   compat
nss_netgroup= netgroup: nis
 
pam_auth=
        auth [success=3 default=ignore] pam_unix.so nullok_secure try_first_pass
        auth requisite pam_succeed_if.so uid >= 500 quiet
        auth [success=1 default=ignore] pam_sss.so use_first_pass
        auth requisite pam_deny.so
        auth required pam_permit.so
 
pam_account=
        account required pam_unix.so
        account sufficient pam_localuser.so
        account sufficient pam_succeed_if.so uid < 500 quiet
        account [default=bad success=ok user_unknown=ignore] pam_sss.so
        account required pam_permit.so
 
pam_password=
        password requisite pam_pwquality.so retry=3
        password sufficient pam_unix.so obscure sha512
        password sufficient pam_sss.so use_authtok
        password required pam_deny.so
 
pam_session=
        session required pam_mkhomedir.so skel=/etc/skel umask=0077
        session optional pam_keyinit.so revoke
        session required pam_limits.so
        session [success=1 default=ignore] pam_sss.so
        session required pam_unix.so

install_SSSD() {
	. /etc/univention/ucr_master

	DEBIAN_FRONTEND=noninteractive apt-get -y  install sssd libnss-sss libpam-sss libsss-sudo 
	DEBIAN_FRONTEND=noninteractive apt-get -y  install auth-client-config 

	cp ./includes/configs/sss /etc/auth-client-config/profile.d/sss
	auth-client-config -a -p sss

	cp ./includes/configs/ucs_mkhomedir /usr/share/pam-configs/ucs_mkhomedir
	echo '*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,plugdev,adm' >>/etc/security/group.conf
	cp ./includes/configs/local_groups /usr/share/pam-configs/local_groups

	DEBIAN_FRONTEND=noninteractive pam-auth-update --force

}

[sss]
nss_passwd=   passwd:   compat sss
nss_group=    group:    compat sss
nss_shadow=   shadow:   compat
nss_netgroup= netgroup: nis
 
pam_auth=
        auth [success=3 default=ignore] pam_unix.so nullok_secure try_first_pass
        auth requisite pam_succeed_if.so uid >= 500 quiet
        auth [success=1 default=ignore] pam_sss.so use_first_pass
        auth requisite pam_deny.so
        auth required pam_permit.so
 
pam_account=
        account required pam_unix.so
        account sufficient pam_localuser.so
        account sufficient pam_succeed_if.so uid < 500 quiet
        account [default=bad success=ok user_unknown=ignore] pam_sss.so
        account required pam_permit.so
 
pam_password=
        password requisite pam_pwquality.so retry=3
        password sufficient pam_unix.so obscure sha512
        password sufficient pam_sss.so use_authtok
        password required pam_deny.so
 
pam_session=
        session required pam_mkhomedir.so skel=/etc/skel umask=0077
        session optional pam_keyinit.so revoke
        session required pam_limits.so
        session [success=1 default=ignore] pam_sss.so
        session required pam_unix.so