Timestamp:
Aug 24, 2014, 11:29:04 PM (10 years ago)
Author:
glasgall
Message:
Make signup use GSSAPI auth for LDAP now that ldap master is remote,
and pick which server to use at random because we can't use
scripts-ldap yet.

Committed on trunk because achernya asked me to put it on trunk.

File:
1 edited

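--- a/trunk/server/common/oursrc/accountadm/signup-scripts-backend.in
+++ b/trunk/server/common/oursrc/accountadm/signup-scripts-backend.in
@@ -1,4 +1,5 @@
 #!/usr/bin/perl
 use strict;
+use File::Temp qw/ :POSIX /;
 
 # signup-scripts-backend
@@ -102,10 +103,19 @@
 }
 
+# Get credentials
+my $ccache = tmpnam();
+$ENV{'KRB5CCNAME'} = $ccache;
+my $exit_status = system("/usr/bin/kinit", "-k", "-t", "/etc/signup.keytab", "daemon/scripts-signup.mit.edu");
+if (($exit_status >> 8) != 0) {
+    die "Couldn't get Kerberos credentials for account creation!";
+}
 my $pid;
+my @ldap_servers = ('doppelganger', 'alter-ego', 'body-double');
+my $selected_server = $ldap_servers[int(rand(3))];
 defined ($pid = open LDAP, '|-') or complain("internal error");
 if (!$pid) {
         close STDOUT;
         open STDOUT, '>/dev/null';
-        exec '@ldapadd_path@', '-c', '-x', '-D', 'cn=Directory Manager', '-y', '/etc/signup-ldap-pw';
+        exec '@ldapadd_path@', '-c', '-Y', 'gssapi', '-H', "ldap://$selected_server.mit.edu";
         exit 1;
 }
@@ -145,4 +155,6 @@
 #system('@sudo_path@', '-u', 'root', '/usr/sbin/setquota', $username, '0', '25000', '0', '10000', '-a');
 
+system("kdestroy");
+
 printexit("done", 0);
 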
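Review bot: The credential cache for daemon/scripts-signup.mit.edu is placed at a path from `tmpnam()`, which only returns a name and creates nothing, so kinit later creates the cache at a guessable location in the shared temporary directory; File::Temp's own documentation advises against the name-only POSIX functions for this reason. A private directory closes that window and is removed on normal process exit: `my $ccdir = File::Temp::tempdir(CLEANUP => 1);` followed by `$ENV{'KRB5CCNAME'} = "FILE:$ccdir/krb5cc";`. As written, `system("kdestroy")` runs only just before `printexit("done", 0)`, so a failure in between, such as the `complain("internal error")` after the fork, presumably leaves live credentials on disk. The script continues outside the visible hunks, so the other exit paths between the ldapadd call and the final kdestroy could not be checked.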