rpms / autofs

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main origin/f14/master private-autofs-segv-test-branch private-cthon-branch private-map-expiry-branch rawhide
  1.   f15
  2.   autofs-5.0.5-add-autofs_ldap_auth_conf-man-page.patch
Blob Blame History Raw 
autofs-5.0.5 - add autofs_ldap_auth.conf man page

From: Ian Kent <raven@themaw.net>


---

 CHANGELOG                      |    1 
 man/auto.master.5.in           |    3 +
 man/autofs.5                   |    1 
 man/autofs.8.in                |    1 
 man/autofs_ldap_auth.conf.5.in |   93 +++++++++++++++++++++++++++++++++++++++++
 man/automount.8                |    1 
 samples/autofs_ldap_auth.conf  |   64 ----------------------------
 7 files changed, 101 insertions(+), 63 deletions(-)
 create mode 100644 man/autofs_ldap_auth.conf.5.in


--- autofs-5.0.5.orig/CHANGELOG
+++ autofs-5.0.5/CHANGELOG
@@ -29,6 +29,7 @@
 - add locality as valid ldap master map attribute fix.
 - add simple bind authentication.
 - fix master map source server unavailable handling.
+- add autofs_ldap_auth.conf man page.
 
 03/09/2009 autofs-5.0.5
 -----------------------
--- autofs-5.0.5.orig/man/auto.master.5.in
+++ autofs-5.0.5/man/auto.master.5.in
@@ -365,6 +365,8 @@ and set the location of the client certi
 in the per-user configuration. The location of these files and the configuration
 entry requirements is system dependent so the documentation for your
 installation will need to be consulted to get further information.
+.P
+See \fBautofs_ldap_auth.conf\fP(5) for more information.
 .SH EXAMPLE
 .sp
 .RS +.2i
@@ -399,6 +401,7 @@ configuration will be used to locate the
 .BR automount (8),
 .BR autofs (5),
 .BR autofs (8).
+.BR autofs_ldap_auth.conf (5)
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Dean GNU/Linux system.  Edited by <hpa@transmeta.com> and
--- autofs-5.0.5.orig/man/autofs.5
+++ autofs-5.0.5/man/autofs.5
@@ -229,6 +229,7 @@ and LDAP only.
 .BR auto.master (5),
 .BR autofs (8),
 .BR mount (8).
+.BR autofs_ldap_auth.conf (5)
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Debian GNU/Linux system.  Edited by H. Peter Avian
--- autofs-5.0.5.orig/man/autofs.8.in
+++ autofs-5.0.5/man/autofs.8.in
@@ -50,6 +50,7 @@ will display the status of,
 .BR automount (8),
 .BR autofs (5),
 .BR auto.master (5).
+.BR autofs_ldap_auth.conf (5)
 .SH AUTHOR
 This manual page was written by Christoph Lameter <chris@waterf.org>,
 for the Debi GNU/Linux system.  Edited by H. Peter Anvin
--- /dev/null
+++ autofs-5.0.5/man/autofs_ldap_auth.conf.5.in
@@ -0,0 +1,93 @@
+.\" t
+.TH AUTOFS_LDAP_AUTH.CONF 5 "19 Feb 2010"
+.SH NAME
+autofs_ldap_auth.conf \- autofs LDAP authentication configuration
+.SH "DESCRIPTION"
+LDAP authenticated binds, TLS encrypted connections and certification
+may be used by setting appropriate values in the autofs authentication
+configuration file and configuring the LDAP client with appropriate
+settings.  The default location of this file is
+.nh
+.BR @@autofsmapdir@@/autofs_ldap_auth.conf .
+.hy
+If this file exists it will be used to establish whether TLS or authentication
+should be used.
+.P
+An example of this file is:
+.sp
+.RS +.2i
+.ta 1.0i
+.nf
+<?xml version="1.0" ?>
+<autofs_ldap_sasl_conf
+        usetls="yes"
+        tlsrequired="no"
+        authrequired="no"
+        authtype="DIGEST-MD5"
+        user="xyz"
+        secret="abc"
+/>
+.fi
+.RE
+.sp
+If TLS encryption is to be used the location of the Certificate Authority
+certificate must be set within the LDAP client configuration in 
+order to validate the server certificate. If, in addition, a certified
+connection is to be used then the client certificate and private key file
+locations must also be configured within the LDAP client.
+.SH "OPTIONS"
+This files contains a single XML element, as shown in the example above, with
+several attributes.
+.TP
+The possible attributes are:
+.TP
+\fBusetls="yes"|"no"\fP
+Determines whether an encrypted connection to the ldap server
+should be attempted.
+.TP
+\fBtlsrequired="yes"|"no"\fP
+This flag tells whether the ldap connection must be encrypted. If set to "yes",
+the automounter will fail to start if an encrypted connection cannot be
+established.
+.TP
+\fBauthrequired="yes"|"no"|"autodetect"|"simple"\fP
+This option tells whether an authenticated connection to the ldap server is
+required in order to perform ldap queries. If the flag is set to yes, only
+sasl authenticated connections will be allowed. If it is set to no then
+authentication is not needed for ldap server connections. If it is set to
+autodetect then the ldap server will be queried to establish a suitable sasl
+authentication  mechanism. If no suitable mechanism can be found, connections
+to the ldap server are made without authentication. Finally, if it is set to
+simple, then simple authentication will be used instead of SASL.
+.TP
+\fBauthtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5"\fP
+This attribute can be used to specify a preferred authentication mechanism.
+ In normal operations, the automounter will attempt to authenticate to the
+ldap server using the list of supportedSASLmechanisms obtained from the
+directory server.  Explicitly setting the authtype will bypass this selection
+and only try the mechanism specified.
+.TP
+\fBuser="<username>"\fP
+This attribute holds the authentication identity used by authentication
+mechanisms that require it.  Legal values for this attribute include any
+printable characters that can be used by the selected authentication
+mechanism.
+.TP
+\fBsecret="<password>"\fP
+This attribute holds the secret used by authentication mechanisms that
+require it. Legal values for this attribute include any printable
+characters that can be used by the selected authentication mechanism.
+.TP
+\fBclientprinc="<GSSAPI client principal>"\fP
+When using GSSAPI authentication, this attribute is consulted to determine
+the principal name to use when authenticating to the directory server. By
+default, this will be set to "autofsclient/<fqdn>@<REALM>.
+.TP
+\fBcredentialcache="<external credential cache path>"\fP
+When using GSSAPI authentication, this attribute can be used to specify an
+externally configured credential cache that is used during authentication.
+By default, autofs will setup a memory based credential cache.
+.SH "SEE ALSO"
+.BR auto.master (5),
+.SH AUTHOR
+This manual page was written by Ian Kent <raven@themaw.net>.
--- autofs-5.0.5.orig/man/automount.8
+++ autofs-5.0.5/man/automount.8
@@ -152,6 +152,7 @@ constructed has been detached from the m
 .BR autofs (8),
 .BR auto.master (5),
 .BR mount (8).
+.BR autofs_ldap_auth.conf (5)
 .SH BUGS
 Don't know, I've fixed everything I know about.
 
--- autofs-5.0.5.orig/samples/autofs_ldap_auth.conf
+++ autofs-5.0.5/samples/autofs_ldap_auth.conf
@@ -1,69 +1,7 @@
 <?xml version="1.0" ?>
 <!--
 This files contains a single entry with multiple attributes tied to it.
-The attributes are:
-
-usetls  -  Determines whether an encrypted connection to the ldap server
-	   should be attempted.  Legal values for the entry are:
-	   "yes"
-	   "no"
-
-tlsrequired  -  This flag tells whether the ldap connection must be
-	   encrypted.  If set to "yes", the automounter will fail to start
-	   if an encrypted connection cannot be established.  Legal values
-	   for this option include:
-	   "yes"
-	   "no"
-
-authrequired  -  This option tells whether an authenticated connection to
-	    the ldap server is required in order to perform ldap queries.
-	    If the flag is set to yes, only sasl authenticated connections
-	    will be allowed. If it is set to no then authentication is not
-	    needed for ldap server connections. If it is set to autodetect
-	    then the ldap server will be queried to establish a suitable
-	    sasl authentication mechanism. If no suitable mechanism can be
-	    found, connections to the ldap server are made without
-	    authentication. Finally, if it is set to simple, then simple
-	    authentication will be used instead of SASL.
-
-	    Legal values for this option include:
-	    "yes"
-	    "no"
-	    "autodetect"
-	    "simple"
-
-authtype  -  This attribute can be used to specify a preferred
-	    authentication mechanism.  In normal operations, the
-	    automounter will attempt to authenticate to the ldap server
-	    using the list of supportedSASLmechanisms obtained from the
-	    directory server.  Explicitly setting the authtype will bypass
-	    this selection and only try the mechanism specified.  Legal
-	    values for this attribute include:
-	    "GSSAPI"
-	    "LOGIN"
-	    "PLAIN"
-	    "ANONYMOUS"
-	    "DIGEST-MD5"
-
-user  -  This attribute holds the authentication identity used by
-	    authentication mechanisms that require it.  Legal values for
-	    this attribute include any printable characters that can be
-	    used by the selected authentication mechanism.
-
-secret  -  This attribute holds the secret used by authentication
-	    mechanisms that require it.  Legal values for this attribute
-	    include any printable characters that can be used by the
-	    selected authentication mechanism.
-
-clientprinc  -  When using GSSAPI authentication, this attribute is
-	    consulted to determine the principal name to use when
-	    authenticating to the directory server.  By default, this will
-	    be set to "autofsclient/<fqdn>@<REALM>.
-
-credentialcache - When using GSSAPI authentication, this attribute
-	    can be used to specify an externally configured credential
-	    cache that is used during authentication. By default, autofs
-	    will setup a memory based credential cache.
+See autofs_ldap_auth.conf(5) for more information.
 -->
 
 <autofs_ldap_sasl_conf
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.