Unable Auth::Kerberos in Manager (closes: #707)

Xavier Guimard 2017-04-11 13:21:35 +00:00
parent acf9420c5f
commit fbbe3aaf9b
9 changed files with 60 additions and 5 deletions


@ -71,6 +71,7 @@ sub defaultValues {
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {


@ -38,6 +38,7 @@ our $authParameters = {
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
krbParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],


@ -304,6 +304,10 @@ sub attributes {
'k' => 'Google',
'v' => 'Google'
},
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{
'k' => 'LDAP',
'v' => 'LDAP'
@ -498,6 +502,10 @@ sub attributes {
'k' => 'Google',
'v' => 'Google'
},
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{
'k' => 'LDAP',
'v' => 'LDAP'
@ -711,6 +719,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'k' => 'Google',
'v' => 'Google'
},
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{
'k' => 'LDAP',
'v' => 'LDAP'
@ -1175,6 +1187,17 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'key' => {
'type' => 'password'
},
'krbAuthnLevel' => {
'default' => 3,
'type' => 'int'
},
'krbByJs' => {
'default' => 0,
'type' => 'bool'
},
'krbKeytab' => {
'type' => 'text'
},
'ldapAllowResetExpiredPassword' => {
'default' => 0,
'type' => 'bool'


@ -1801,6 +1801,7 @@ sub attributes {
{ k => 'DBI', v => 'Database (DBI)' },
{ k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' },
{ k => 'Radius', v => 'Radius' },
@ -2233,6 +2234,22 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
documentation => 'Null authentication level',
},
# Kerberos
krbKeytab => {
type => 'text',
documentation => 'Kerberos keytab',
},
krbByJs => {
type => 'bool',
default => 0,
documentation => 'Launch Kerberos authentication by Ajax',
},
krbAuthnLevel => {
type => 'int',
default => 3,
documentation => 'Null authentication level',
},
# Slave
slaveAuthnLevel => {
type => 'int',
@ -2277,6 +2294,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'Demo', v => 'Demo' },
{ k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' },
{ k => 'Null', v => 'None' },
@ -2340,6 +2358,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'DBI', v => 'Database (DBI)' },
{ k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' },
{ k => 'Radius', v => 'Radius' },
@ -2504,9 +2523,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
documentation => 'OpenID Connect allow hybrid flow',
},
oidcStorage => { type => 'PerlModule', },
oidcStorageOptions => {
type => 'keyTextContainer',
},
oidcStorageOptions => { type => 'keyTextContainer', },
# OpenID Connect metadata nodes
oidcOPMetaDataNodes => {
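Review bot: The `krbAuthnLevel` entry added in the `@ -2233,6 +2234,22 @` hunk carries the Null module's description, `documentation => 'Null authentication level'`, which looks copied from the entry just above it; it should read `documentation => 'Kerberos authentication level',`. In the same hunk `krbKeytab` is a free `type => 'text'` value described only as 'Kerberos keytab', while the locale files on this page label it "keytab file", so the description could say `documentation => 'Kerberos keytab file path',`. If the attribute schema accepts a pattern check on this entry (not visible in the hunk), an absolute-path test would catch a mistyped path at save time rather than at login. A keytab holds the service principal's long-term key, so the help page for this option should state that the file must be readable only by the account running the portal. The `oidcStorageOptions` reflow in the last hunk is unrelated to Kerberos and would be easier to review as its own commit.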


@ -192,6 +192,11 @@ sub tree {
'facebookAppId', 'facebookAppSecret'
]
},
{
title => 'krbParams',
help => 'kerberos.html',
nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel' ]
},
{
title => 'ldapParams',
help => 'authldap.html',


@ -284,6 +284,10 @@
"keys": "Keys",
"keyname": "Key name",
"keyPassword": "Key password",
"krbAuthnLevel": "Kerberos authn level",
"krbByJs": "Use Ajax request",
"krbKeytab": "keytab file",
"krbParams": "Kerberos parameters",
"languages": "Languages",
"latest": "Latest",
"ldap": "LDAP",


@ -284,6 +284,10 @@
"keys": "Clefs",
"keyname": "Nom de clef",
"keyPassword": "Mot de passe de la clef",
"krbAuthnLevel": "Niveau d'authentification Kerberos",
"krbByJs": "Utilise une requête Ajax",
"krbKeytab": "Fichier keytab",
"krbParams": "Kerberos parameters",
"languages": "Langues",
"latest": "Dernière",
"ldap": "LDAP",

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long