Bug#649854: marked as done (create krb5 host principals via GOsa²)

[Debian Bug Tracking System]

Your message dated Thu, 04 Oct 2018 10:04:16 +0000
with message-id <e1g80us-0005uy...@fasolo.debian.org>
and subject line Bug#649854: fixed in debian-edu-config 2.10.39
has caused the Debian Bug report #649854,
regarding create krb5 host principals via GOsa²
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
649854: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649854
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

package: debian-edu-config
version: r74282
severity: wishlist
tags: patch



  host/<fqdn>



Steps for incorporation:

  o place script at d-e-c/share/debian-edu-config/tools/gosa-host-create
  o enable sudo execution for this script by www-data user in GOsa²

Here is the script:

#!/bin/sh

set -e

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##
## This script creates the principals for hosts added with FusionDirectory.

set -x

HOSTNAME=$1
DOMAIN=intern
FQDN=$1.$DOMAIN

## lookup user and create home directory and principal:
ldapsearch -xLLL "(&(|(cn=$HOSTNAME)(cn=$FQDN))(objectClass=GOHard))" \
           cn ipHostNumber macAddress 2>/dev/null  | \
    perl -p00e 's/\r?\n //g' | \
while read KEY VALUE ; do
        case "$KEY" in
                dn:) HOSTNAME= ; IP= ; HOSTDN="dn=$VALUE" ;;
                cn:) HOSTNAME="$VALUE" ;;
                ipHostNumber:) IP="$VALUE" ;;
                macAddress:) MAC="$VALUE"  ;;
                "")
                        FQDN=$HOSTNAME.$DOMAIN
                        kadmin.local -q "add_principal -policy hosts
                                                       -randkey

                        && logger -p notice \
                                  Krb5 principal \'host/$FQDN\' created.
                        ;;
                esac
done

exit 0





--

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

In order to use NFSv4+Krb5 each machine in the Skolelinux network needs a kerberos principal The below script shows how to add such functionality. Note: the script below stems from a different context, su some adoptions will be needed for running on Debian Edu main server. -x $HOSTDN host/$FQDN" \

pgp5cFXsooyg4.pgp
Description: Digitale PGP-Unterschrift

--- End Message ---

--- Begin Message ---

Source: debian-edu-config
Source-Version: 2.10.39

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 649...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <hol...@debian.org> (supplier of updated debian-edu-config 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Oct 2018 10:51:01 +0100
Source: debian-edu-config
Binary: debian-edu-config
Architecture: source
Version: 2.10.39
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-...@lists.debian.org>
Changed-By: Holger Levsen <hol...@debian.org>
Description:
 debian-edu-config - Configuration files for Skolelinux systems
Closes: 649854 649856
Changes:
 debian-edu-config (2.10.39) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * ldap-tools/mkslapdcert: Remove obsolete (random-seed related) workaround.
   * cf3/edu.cf: Add class definition for profile 'Minimal'.
   * cf3/cf.grub: Adjust configuration for systems with profile 'Minimal'. Keep
     legacy interface names to ensure easier configuration as a gateway; don't
     run 'plymouth-set-default-theme', plymouth isn't used on a minimal system.
   * Improve scripts needed for kerberized NFS. (Closes: #649854, #649856).
     - share/debian-edu-config/tools/gosa-remove-host:
       + Make host principals and keytab file removal conditional; this is 
needed
         in case a system accidentally added via sitesummary2ldapdhcp is removed
         without any modification applied.
     - share/debian-edu-config/tools/gosa-modify-host:
       + Also create nfs principal for the modified host.
       + Remove leftover principals and keytab file belonging to modified host.
       + Add logging statement.
Checksums-Sha1:
 1ee237e06053adb4d1127d4df2ae060b53298f6f 1870 debian-edu-config_2.10.39.dsc
 4d9e219a0e39135ede66cafb5dd4e351a2949f33 339076 
debian-edu-config_2.10.39.tar.xz
 acea9772efd027dcb85ada64856f08cdf462f9d3 5459 
debian-edu-config_2.10.39_source.buildinfo
Checksums-Sha256:
 f421e0b022ac6b40bc349bf0807a5ec5f38d9095911087742edb38a7edb3904d 1870 
debian-edu-config_2.10.39.dsc
 9884e8e0d04cfb3703e784ef43b00b98503711890f24c6d9e40dcd39e5f896fd 339076 
debian-edu-config_2.10.39.tar.xz
 153ea05db8ce4d2af34100dc80d2f60fdab3b2d5a71f26d5fcd38d0fca964836 5459 
debian-edu-config_2.10.39_source.buildinfo
Files:
 599264579ac1a079d0542ba8d188bb73 1870 misc optional 
debian-edu-config_2.10.39.dsc
 9b66d58ecc8713b577ac8a2b0b239963 339076 misc optional 
debian-edu-config_2.10.39.tar.xz
 b97f31d4054fa8314788bd0a17c2f75c 5459 misc optional 
debian-edu-config_2.10.39_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAlu14sgACgkQCRq4Vgaa
qhxRyg/+LR2HWalv20M6nwFPxlFbiq8k91jO+u2+Z+wZvnv4TVyBy6qgG+9uGRX5
WCYK1R3uZPfr6JroPs76qpJNElD+c7qBd0dV31vtU3PeKDuFGi50dznRs9BEw53A
n1FbDlWmUn06/esoEpCLpei6RThk6aSwnLfR2EdKKzZHt7kKoxzVDY1epS/vmh5z
t5TcNn01eevd5l028HAv/DP0C3cAs14uH9jQlGqtcp/zJ4+AQ5CdYPg3QD1DZDuF
PwecEgJQWGRObcRSfKGbtI8K2MNMhxM2c8EUcxs3ONzYXRsS97a8D6x9veC+tsXk
4CauFTwaGyQcy4CxhdIb8nLNXans8xlPQHRGgJRswemUaHC8foizIQ9GbWd9GiVF
qoe8Sre4bgI0dQA0d5KUs3UZykApSh2nRRZ6tNnsLzqAUPPJhaF6oJaBMXH+rEVq
ShFFE5BRTh7Ro4/RXH5VnSZ9O6x/r5Nun9EIMKdnTxb29LggrotoAc0mqcRDYAzF
lMhKtflvrA7uhAkteM2PBrFkQjVqj5wiiA7jTIV2/GhWWrVOXYGPSWHMfL86mZFg
XO0gVLyY0vqhYWN5II/1ongLWbxs3I3JaOyuoOeuJZ+1MBTfRJG77zvVJmlWrZp4
SRvr6YphCfOiJj371zRB9Sj7duQvXJGBOIlKEOEUnZxEJD1iN7U=
=2Zev
-----END PGP SIGNATURE-----

--- End Message ---