Commit fbbe3aaf authored by Yadd's avatar Yadd
Browse files

Unable Auth::Kerberos in Manager (closes: #707)

parent acf9420c
...@@ -71,6 +71,7 @@ sub defaultValues { ...@@ -71,6 +71,7 @@ sub defaultValues {
'issuerDBSAMLPath' => '^/saml/', 'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1, 'issuerDBSAMLRule' => 1,
'jsRedirect' => 0, 'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'ldapAuthnLevel' => 2, 'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com', 'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => { 'ldapExportedVars' => {
......
...@@ -38,6 +38,7 @@ our $authParameters = { ...@@ -38,6 +38,7 @@ our $authParameters = {
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)], dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
demoParams => [qw(demoExportedVars)], demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)], facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
krbParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)], ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
nullParams => [qw(nullAuthnLevel)], nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)], oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
......
...@@ -304,6 +304,10 @@ sub attributes { ...@@ -304,6 +304,10 @@ sub attributes {
'k' => 'Google', 'k' => 'Google',
'v' => 'Google' 'v' => 'Google'
}, },
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{ {
'k' => 'LDAP', 'k' => 'LDAP',
'v' => 'LDAP' 'v' => 'LDAP'
...@@ -498,6 +502,10 @@ sub attributes { ...@@ -498,6 +502,10 @@ sub attributes {
'k' => 'Google', 'k' => 'Google',
'v' => 'Google' 'v' => 'Google'
}, },
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{ {
'k' => 'LDAP', 'k' => 'LDAP',
'v' => 'LDAP' 'v' => 'LDAP'
...@@ -711,6 +719,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -711,6 +719,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'k' => 'Google', 'k' => 'Google',
'v' => 'Google' 'v' => 'Google'
}, },
{
'k' => 'Kerberos',
'v' => 'Kerberos'
},
{ {
'k' => 'LDAP', 'k' => 'LDAP',
'v' => 'LDAP' 'v' => 'LDAP'
...@@ -1175,6 +1187,17 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0- ...@@ -1175,6 +1187,17 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'key' => { 'key' => {
'type' => 'password' 'type' => 'password'
}, },
'krbAuthnLevel' => {
'default' => 3,
'type' => 'int'
},
'krbByJs' => {
'default' => 0,
'type' => 'bool'
},
'krbKeytab' => {
'type' => 'text'
},
'ldapAllowResetExpiredPassword' => { 'ldapAllowResetExpiredPassword' => {
'default' => 0, 'default' => 0,
'type' => 'bool' 'type' => 'bool'
......
...@@ -1801,6 +1801,7 @@ sub attributes { ...@@ -1801,6 +1801,7 @@ sub attributes {
{ k => 'DBI', v => 'Database (DBI)' }, { k => 'DBI', v => 'Database (DBI)' },
{ k => 'Facebook', v => 'Facebook' }, { k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' }, { k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' }, { k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' }, { k => 'PAM', v => 'PAM' },
{ k => 'Radius', v => 'Radius' }, { k => 'Radius', v => 'Radius' },
...@@ -2233,6 +2234,22 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ...@@ -2233,6 +2234,22 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
documentation => 'Null authentication level', documentation => 'Null authentication level',
}, },
# Kerberos
krbKeytab => {
type => 'text',
documentation => 'Kerberos keytab',
},
krbByJs => {
type => 'bool',
default => 0,
documentation => 'Launch Kerberos authentication by Ajax',
},
krbAuthnLevel => {
type => 'int',
default => 3,
documentation => 'Null authentication level',
},
# Slave # Slave
slaveAuthnLevel => { slaveAuthnLevel => {
type => 'int', type => 'int',
...@@ -2277,6 +2294,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ...@@ -2277,6 +2294,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'Demo', v => 'Demo' }, { k => 'Demo', v => 'Demo' },
{ k => 'Facebook', v => 'Facebook' }, { k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' }, { k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' }, { k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' }, { k => 'PAM', v => 'PAM' },
{ k => 'Null', v => 'None' }, { k => 'Null', v => 'None' },
...@@ -2340,6 +2358,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ...@@ -2340,6 +2358,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'DBI', v => 'Database (DBI)' }, { k => 'DBI', v => 'Database (DBI)' },
{ k => 'Facebook', v => 'Facebook' }, { k => 'Facebook', v => 'Facebook' },
{ k => 'Google', v => 'Google' }, { k => 'Google', v => 'Google' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' }, { k => 'LDAP', v => 'LDAP' },
{ k => 'PAM', v => 'PAM' }, { k => 'PAM', v => 'PAM' },
{ k => 'Radius', v => 'Radius' }, { k => 'Radius', v => 'Radius' },
...@@ -2504,9 +2523,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ...@@ -2504,9 +2523,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
documentation => 'OpenID Connect allow hybrid flow', documentation => 'OpenID Connect allow hybrid flow',
}, },
oidcStorage => { type => 'PerlModule', }, oidcStorage => { type => 'PerlModule', },
oidcStorageOptions => { oidcStorageOptions => { type => 'keyTextContainer', },
type => 'keyTextContainer',
},
# OpenID Connect metadata nodes # OpenID Connect metadata nodes
oidcOPMetaDataNodes => { oidcOPMetaDataNodes => {
......
...@@ -192,6 +192,11 @@ sub tree { ...@@ -192,6 +192,11 @@ sub tree {
'facebookAppId', 'facebookAppSecret' 'facebookAppId', 'facebookAppSecret'
] ]
}, },
{
title => 'krbParams',
help => 'kerberos.html',
nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel' ]
},
{ {
title => 'ldapParams', title => 'ldapParams',
help => 'authldap.html', help => 'authldap.html',
......
...@@ -284,6 +284,10 @@ ...@@ -284,6 +284,10 @@
"keys": "Keys", "keys": "Keys",
"keyname": "Key name", "keyname": "Key name",
"keyPassword": "Key password", "keyPassword": "Key password",
"krbAuthnLevel": "Kerberos authn level",
"krbByJs": "Use Ajax request",
"krbKeytab": "keytab file",
"krbParams": "Kerberos parameters",
"languages": "Languages", "languages": "Languages",
"latest": "Latest", "latest": "Latest",
"ldap": "LDAP", "ldap": "LDAP",
......
...@@ -284,6 +284,10 @@ ...@@ -284,6 +284,10 @@
"keys": "Clefs", "keys": "Clefs",
"keyname": "Nom de clef", "keyname": "Nom de clef",
"keyPassword": "Mot de passe de la clef", "keyPassword": "Mot de passe de la clef",
"krbAuthnLevel": "Niveau d'authentification Kerberos",
"krbByJs": "Utilise une requête Ajax",
"krbKeytab": "Fichier keytab",
"krbParams": "Kerberos parameters",
"languages": "Langues", "languages": "Langues",
"latest": "Dernière", "latest": "Dernière",
"ldap": "LDAP", "ldap": "LDAP",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment