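def format_pam_cert_auth_conf(config):
    """Format an SSSD configuration for PAM certificate (Smartcard) auth.

    The rendered configuration has a single ``auth_only`` domain backed by
    the ``files`` provider with ``fallback_to_nss`` disabled, turns on
    ``pam_cert_auth`` and adds four PAM service names to
    ``pam_p11_allowed_services``.

    Args:
        config: Object whose ``PAM_CERT_DB_PATH`` attribute is written to
            ``pam_cert_db_path``.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # The certmap rule is an unanchored regex on the certificate subject
    # only. That is enough for a test fixture; a deployed rule would normally
    # also constrain the issuer so a look-alike subject cannot map to user1.
    #
    # Only `config` is exposed to the template, so a stray placeholder cannot
    # silently pick up some other local name.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc, +pam_sss_allow_missing_name
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)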
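def format_pam_cert_auth_conf_name_format(config):
    """Format a certificate-auth SSSD configuration with full_name_format.

    Same ``[pam]`` section as the basic certificate-auth configuration, but
    the ``auth_only`` domain sets ``use_fully_qualified_names = True`` and a
    custom ``full_name_format``.

    Args:
        config: Object whose ``PAM_CERT_DB_PATH`` attribute is written to
            ``pam_cert_db_path``.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # The doubled backslash in full_name_format is a Python escape: the
    # rendered value is %2$s, one backslash, %1$s. Per sssd.conf(5) %1$s is
    # the user name and %2$s the domain name, i.e. a "domain\name" form.
    #
    # The certmap rule matches on the certificate subject only (unanchored
    # regex); fine for a fixture, too loose to copy into a deployment without
    # also constraining the issuer.
    #
    # Only `config` is exposed to the template.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc, +pam_sss_allow_missing_name
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        use_fully_qualified_names = True
        full_name_format = %2$s\\%1$s
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)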
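def format_pam_cert_auth_conf(config):
    """Format an SSSD configuration for PAM certificate (Smartcard) auth.

    The rendered configuration has a single ``auth_only`` domain backed by
    the ``files`` provider, turns on ``pam_cert_auth`` and adds three PAM
    service names (``pam_sss_service``, ``pam_sss_sc_required``,
    ``pam_sss_try_sc``) to ``pam_p11_allowed_services``.

    Args:
        config: Object whose ``PAM_CERT_DB_PATH`` attribute is written to
            ``pam_cert_db_path``.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # The certmap rule is an unanchored regex on the certificate subject
    # only. That is enough for a test fixture; a deployed rule would normally
    # also constrain the issuer so a look-alike subject cannot map to user1.
    #
    # Only `config` is exposed to the template.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)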
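def format_pam_krb5_auth_domains(config, kdc_instance):
    """Format an SSSD configuration with several krb5 authentication domains.

    Four domains are listed, in the order ``wrong.dom1``, ``wrong.dom2``,
    ``krb5_auth``, ``wrong.dom3``. All use the ``files`` id provider and the
    ``krb5`` auth provider against the same KDC address; only ``krb5_auth``
    uses the realm ``PAMKRB5TEST``, the others use ``WRONG1REALM`` to
    ``WRONG3REALM``.

    Args:
        config: Not referenced by the template.
        kdc_instance: Object whose ``kdc_port`` attribute supplies the port
            in every ``krb5_server = localhost:<port>`` line.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # NOTE(review): the three wrong.dom* entries presumably exist so tests can
    # check that a request is only answered by the intended domain -- confirm
    # against the callers.
    #
    # Only `kdc_instance` is exposed to the template.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = wrong.dom1, wrong.dom2, krb5_auth, wrong.dom3
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        debug_level = 10

        [domain/wrong.dom1]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5
        krb5_realm = WRONG1REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/wrong.dom2]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5
        krb5_realm = WRONG2REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/wrong.dom3]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5
        krb5_realm = WRONG3REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/krb5_auth]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5
        krb5_realm = PAMKRB5TEST
        krb5_server = localhost:{kdc_instance.kdc_port}
    """).format(kdc_instance=kdc_instance)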
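def format_pam_krb5_auth(config, kdc_instance):
    """Format an SSSD configuration with one krb5 authentication domain.

    The single ``krb5_auth`` domain uses the ``files`` id provider and the
    ``krb5`` auth provider with realm ``PAMKRB5TEST``.

    Args:
        config: Not referenced by the template.
        kdc_instance: Object whose ``kdc_port`` attribute supplies the port
            in ``krb5_server = localhost:<port>``.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # Only `kdc_instance` is exposed to the template, so a stray placeholder
    # cannot silently pick up some other local name.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = krb5_auth
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        debug_level = 10

        [domain/krb5_auth]
        debug_level = 10
        id_provider = files
        auth_provider = krb5
        krb5_realm = PAMKRB5TEST
        krb5_server = localhost:{kdc_instance.kdc_port}
    """).format(kdc_instance=kdc_instance)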
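def format_basic_conf(ldap_conn):
    """Format a basic SSSD configuration for an LDAP domain with AD schema.

    The ``FakeAD`` domain uses the ``ldap`` provider for id, auth, chpass and
    access, binds with a DN and password, and enables ID mapping with a fixed
    default domain SID. Two ``[prompting/password]`` sections set a global
    password prompt and one specific to ``pam_sss_alt_service``.

    Args:
        ldap_conn: Object whose ``ad_inst`` attribute provides ``base_dn``,
            ``ldap_url``, ``admin_dn`` and ``admin_pw``.

    Returns:
        The configuration text, passed through ``unindent``. It contains the
        bind password in clear text.
    """
    # ldap_default_authtok is written as a plain password, so the returned
    # string is a secret: keep it out of logs and assertion messages, and
    # write it only to a file with owner-only permissions.
    # NOTE(review): whether the bind is protected by TLS depends on the scheme
    # of ad_inst.ldap_url, which is not visible here -- confirm.
    #
    # Only `ldap_conn` is exposed to the template.
    return unindent("""\
        [sssd]
        domains = FakeAD
        services = pam, nss

        [nss]

        [pam]
        debug_level = 10

        [domain/FakeAD]
        debug_level = 10
        ldap_search_base = {ldap_conn.ad_inst.base_dn}
        ldap_referrals = false

        id_provider = ldap
        auth_provider = ldap
        chpass_provider = ldap
        access_provider = ldap

        ldap_uri = {ldap_conn.ad_inst.ldap_url}
        ldap_default_bind_dn = {ldap_conn.ad_inst.admin_dn}
        ldap_default_authtok_type = password
        ldap_default_authtok = {ldap_conn.ad_inst.admin_pw}

        ldap_schema = ad
        ldap_id_mapping = true
        ldap_idmap_default_domain_sid = S-1-5-21-1305200397-2901131868-73388776
        case_sensitive = False

        [prompting/password]
        password_prompt = My global prompt

        [prompting/password/pam_sss_alt_service]
        password_prompt = My alt service prompt
    """).format(ldap_conn=ldap_conn)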
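def format_basic_conf(ldap_conn):
    """Format a basic SSSD configuration for an LDAP domain with AD schema.

    The ``FakeAD`` domain uses the ``ldap`` provider for id, auth, chpass and
    access, binds with a DN and password, and enables ID mapping with a fixed
    default domain SID. Two ``[prompting/password]`` sections set a global
    password prompt and one specific to ``pam_sss_alt_service``.

    Args:
        ldap_conn: Object whose ``ad_inst`` attribute provides ``base_dn``,
            ``ldap_url``, ``admin_dn`` and ``admin_pw``.

    Returns:
        The configuration text, passed through ``unindent``. It contains the
        bind password in clear text.
    """
    # The rendered text embeds ad_inst.admin_pw verbatim, so treat the return
    # value as a credential: do not print or log it, and restrict the
    # permissions of any file it is written to.
    # NOTE(review): transport protection for the bind depends on the scheme of
    # ad_inst.ldap_url, which this function does not show -- confirm.
    #
    # Only `ldap_conn` is exposed to the template.
    return unindent("""\
        [sssd]
        domains = FakeAD
        services = pam, nss

        [nss]

        [pam]
        debug_level = 10

        [domain/FakeAD]
        debug_level = 10
        ldap_search_base = {ldap_conn.ad_inst.base_dn}
        ldap_referrals = false

        id_provider = ldap
        auth_provider = ldap
        chpass_provider = ldap
        access_provider = ldap

        ldap_uri = {ldap_conn.ad_inst.ldap_url}
        ldap_default_bind_dn = {ldap_conn.ad_inst.admin_dn}
        ldap_default_authtok_type = password
        ldap_default_authtok = {ldap_conn.ad_inst.admin_pw}

        ldap_schema = ad
        ldap_id_mapping = true
        ldap_idmap_default_domain_sid = S-1-5-21-1305200397-2901131868-73388776
        case_sensitive = False

        [prompting/password]
        password_prompt = My global prompt

        [prompting/password/pam_sss_alt_service]
        password_prompt = My alt service prompt
    """).format(ldap_conn=ldap_conn)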
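def format_pam_cert_auth_conf(config):
    """Format an SSSD configuration for PAM certificate (Smartcard) auth.

    The rendered configuration has a single ``auth_only`` domain backed by
    the ``files`` provider, turns on ``pam_cert_auth`` and adds one PAM
    service name, ``pam_sss_service``, to ``pam_p11_allowed_services``.

    Args:
        config: Object whose ``PAM_CERT_DB_PATH`` attribute is written to
            ``pam_cert_db_path``.

    Returns:
        The configuration text, passed through ``unindent``.
    """
    # The certmap rule is an unanchored regex on the certificate subject
    # only. That is enough for a test fixture; a deployed rule would normally
    # also constrain the issuer so a look-alike subject cannot map to user1.
    #
    # Only `config` is exposed to the template.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)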