[24413] in Source-Commits
/svn/athena r24008 - trunk/debathena/config/ssh-server-config/debian
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Fri Sep 18 10:02:11 2009
Date: Fri, 18 Sep 2009 10:01:58 -0400
From: Geoffrey Thomas <geofft@MIT.EDU>
Message-Id: <200909181401.n8IE1wBK010957@drugstore.mit.edu>
To: source-commits@mit.edu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: geofft
Date: 2009-09-18 10:01:58 -0400 (Fri, 18 Sep 2009)
New Revision: 24008
Added:
trunk/debathena/config/ssh-server-config/debian/10-kerberos-credentials-warn
trunk/debathena/config/ssh-server-config/debian/csh-kerberos-credentials-warn
Modified:
trunk/debathena/config/ssh-server-config/debian/changelog
trunk/debathena/config/ssh-server-config/debian/control.in
trunk/debathena/config/ssh-server-config/debian/debathena-ssh-server-config.install
Log:
In ssh-server-config:
* Add a warning if a user logs in without tickets
or tokens. (Trac: #205)
Patch by Jessica Hamrick <jhamrick@mit.edu>.
Added: trunk/debathena/config/ssh-server-config/debian/10-kerberos-credentials-warn
===================================================================
--- trunk/debathena/config/ssh-server-config/debian/10-kerberos-credentials-warn 2009-09-15 18:47:46 UTC (rev 24007)
+++ trunk/debathena/config/ssh-server-config/debian/10-kerberos-credentials-warn 2009-09-18 14:01:58 UTC (rev 24008)
@@ -0,0 +1,29 @@
+# If a user logs in without tickets and tokens, display a warning message to let them know
+
+# Check to make sure the user does not have a local account
+is_nonlocal=$(NSS_NONLOCAL_IGNORE=1 getent passwd "$USER")
+if [ -z "$is_nonlocal" ]; then
+ tickets=
+ tokens=
+
+ # Check for tokens
+ if tokens | grep -q 'athena\.mit\.edu'; then
+ tokens="yes"
+ fi
+
+ # Check for tickets
+ if klist -s; then
+ tickets="yes"
+ fi
+
+ if [ -z "$tokens" ] && [ -z "$tickets" ]; then
+ echo "WARNING: You have no valid Kerberos tickets and no valid AFS tokens." >&2
+ echo "See http://debathena.mit.edu/ssh" >&2
+ elif [ -z "$tokens" ]; then
+ echo "WARNING: You have no valid AFS tokens." >&2
+ echo "See http://debathena.mit.edu/ssh" >&2
+ elif [ -z "$tickets" ]; then
+ echo "WARNING: You have no valid Kerberos tickets." >&2
+ echo "See http://debathena.mit.edu/ssh" >&2
+ fi
+fi
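Review bot: The working variables `is_nonlocal`, `tickets` and `tokens` are never unset at the end of the script. The .install change places this file in a profile.d directory, so it is presumably sourced into the user's login shell, and the three names would then stay set for the rest of the session; add `unset is_nonlocal tickets tokens` after the final `fi`. The name `is_nonlocal` also reads backwards: going by the comment and the `-z` test, the variable is non-empty exactly when the user does have a local account, so a name such as `local_entry` would be clearer. Finally, the header comment says "tickets and tokens", while the code warns when either one is missing.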
Modified: trunk/debathena/config/ssh-server-config/debian/changelog
===================================================================
--- trunk/debathena/config/ssh-server-config/debian/changelog 2009-09-15 18:47:46 UTC (rev 24007)
+++ trunk/debathena/config/ssh-server-config/debian/changelog 2009-09-18 14:01:58 UTC (rev 24008)
@@ -1,3 +1,10 @@
+debathena-ssh-server-config (1.6) unstable; urgency=low
+
+ * Add a warning if a user logs in without tickets
+ or tokens. (Trac: #205)
+
+ -- Jessica Hamrick <jhamrick@mit.edu> Thu, 17 Sep 2009 17:31:38 -0400
+
debathena-ssh-server-config (1.5) unstable; urgency=low
* Disable GSSAPIStrictAcceptorCheck. (Trac: #297)
Modified: trunk/debathena/config/ssh-server-config/debian/control.in
===================================================================
--- trunk/debathena/config/ssh-server-config/debian/control.in 2009-09-15 18:47:46 UTC (rev 24007)
+++ trunk/debathena/config/ssh-server-config/debian/control.in 2009-09-18 14:01:58 UTC (rev 24008)
@@ -7,7 +7,7 @@
Package: debathena-ssh-server-config
Architecture: all
-Depends: openssh-server (>= 1:4.3) | ssh-krb5, ${misc:Depends}
+Depends: openssh-server (>= 1:4.3) | ssh-krb5, ${misc:Depends}, debathena-bash-config (>= 1.11) | debathena-tcsh-config (>= 1.11)
Provides: ${diverted-files}
Conflicts: debathena-sshd-config (<< 1.0), ${diverted-files}
Replaces: debathena-sshd-config (<< 1.0)
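Review bot: The added alternative `debathena-bash-config (>= 1.11) | debathena-tcsh-config (>= 1.11)` on the Depends line is satisfied by either package alone, but the .install change ships both snippets unconditionally. With only one of the two config packages installed, the other snippet lands in a directory that nothing is guaranteed to read, and users of that shell get no warning. If both shells are meant to be covered, depend on both packages; if not, say in the changelog entry that coverage depends on which config package is present.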
Added: trunk/debathena/config/ssh-server-config/debian/csh-kerberos-credentials-warn
===================================================================
--- trunk/debathena/config/ssh-server-config/debian/csh-kerberos-credentials-warn 2009-09-15 18:47:46 UTC (rev 24007)
+++ trunk/debathena/config/ssh-server-config/debian/csh-kerberos-credentials-warn 2009-09-18 14:01:58 UTC (rev 24008)
@@ -0,0 +1,31 @@
+# Warn the user if they log in without tickets or tokens
+
+# Check to make sure the user does not have a local account
+set is_nonlocal=`env NSS_NONLOCAL_IGNORE=1 getent passwd $USER`
+if ("$is_nonlocal" == "") then
+ set tickets=""
+ set tokens=""
+
+ # Check for tickets
+ klist -s
+ if ("$?" == 0) then
+ set tickets="yes"
+ endif
+
+ # Check for tokens
+ tokens | grep -q 'athena\.mit\.edu'
+ if ("$?" == 0) then
+ set tokens="yes"
+ endif
+
+ if ("$tokens" != "yes" && "$tickets" != "yes") then
+ echo "WARNING: You have no valid Kerberos tickets and no valid AFS tokens."
+ echo "See http://debathena.mit.edu/ssh"
+ else if ("$tokens" != "yes") then
+ echo "WARNING: You have no valid AFS tokens."
+ echo "See http://debathena.mit.edu/ssh"
+ else if ("$tickets" != "yes") then
+ echo "WARNING: You have no valid Kerberos tickets."
+ echo "See http://debathena.mit.edu/ssh"
+ endif
+endif
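Review bot: The `echo` warnings in this file go to stdout, whereas the sh version of the same check sends every message to stderr with `>&2`; pick one behaviour for both shells so a login session produces the warning on the same stream regardless of the user's shell. `$USER` on the `set is_nonlocal=` line is also unquoted inside the backticks, unlike `"$USER"` in the sh version, and should be quoted for consistency.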
Modified: trunk/debathena/config/ssh-server-config/debian/debathena-ssh-server-config.install
===================================================================
--- trunk/debathena/config/ssh-server-config/debian/debathena-ssh-server-config.install 2009-09-15 18:47:46 UTC (rev 24007)
+++ trunk/debathena/config/ssh-server-config/debian/debathena-ssh-server-config.install 2009-09-18 14:01:58 UTC (rev 24008)
@@ -1 +1,3 @@
-debian/sshd_config.debathena etc/ssh/
\ No newline at end of file
+debian/sshd_config.debathena etc/ssh/
+debian/10-kerberos-credentials-warn usr/share/debathena-bash-config/profile.d/
+debian/csh-kerberos-credentials-warn etc/csh/login.d/