autofs-5.0.5 - add autofs_ldap_auth.conf man page From: Ian Kent --- CHANGELOG | 1 man/auto.master.5.in | 3 + man/autofs.5 | 1 man/autofs.8.in | 1 man/autofs_ldap_auth.conf.5.in | 93 +++++++++++++++++++++++++++++++++++++++++ man/automount.8 | 1 samples/autofs_ldap_auth.conf | 64 ---------------------------- 7 files changed, 101 insertions(+), 63 deletions(-) create mode 100644 man/autofs_ldap_auth.conf.5.in --- autofs-5.0.5.orig/CHANGELOG +++ autofs-5.0.5/CHANGELOG @@ -29,6 +29,7 @@ - add locality as valid ldap master map attribute fix. - add simple bind authentication. - fix master map source server unavailable handling. +- add autofs_ldap_auth.conf man page. 03/09/2009 autofs-5.0.5 ----------------------- --- autofs-5.0.5.orig/man/auto.master.5.in +++ autofs-5.0.5/man/auto.master.5.in @@ -365,6 +365,8 @@ and set the location of the client certi in the per-user configuration. The location of these files and the configuration entry requirements is system dependent so the documentation for your installation will need to be consulted to get further information. +.P +See \fBautofs_ldap_auth.conf\fP(5) for more information. .SH EXAMPLE .sp .RS +.2i @@ -399,6 +401,7 @@ configuration will be used to locate the .BR automount (8), .BR autofs (5), .BR autofs (8). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Dean GNU/Linux system. Edited by and --- autofs-5.0.5.orig/man/autofs.5 +++ autofs-5.0.5/man/autofs.5 @@ -229,6 +229,7 @@ and LDAP only. .BR auto.master (5), .BR autofs (8), .BR mount (8). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Debian GNU/Linux system. Edited by H. Peter Avian --- autofs-5.0.5.orig/man/autofs.8.in +++ autofs-5.0.5/man/autofs.8.in 
@@ -50,6 +50,7 @@ will display the status of, .BR automount (8), .BR autofs (5), .BR auto.master (5). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Debi GNU/Linux system. Edited by H. Peter Anvin --- /dev/null +++ autofs-5.0.5/man/autofs_ldap_auth.conf.5.in 
@@ -0,0 +1,93 @@ +.\" t +.TH AUTOFS_LDAP_AUTH.CONF 5 "19 Feb 2010" +.SH NAME +autofs_ldap_auth.conf \- autofs LDAP authentication configuration +.SH "DESCRIPTION" +LDAP authenticated binds, TLS encrypted connections and certification +may be used by setting appropriate values in the autofs authentication +configuration file and configuring the LDAP client with appropriate +settings. The default location of this file is +.nh +.BR @@autofsmapdir@@/autofs_ldap_auth.conf . +.hy +If this file exists it will be used to establish whether TLS or authentication +should be used. +.P +An example of this file is: +.sp +.RS +.2i +.ta 1.0i +.nf + + +.fi +.RE +.sp +If TLS encryption is to be used the location of the Certificate Authority +certificate must be set within the LDAP client configuration in +order to validate the server certificate. If, in addition, a certified +connection is to be used then the client certificate and private key file +locations must also be configured within the LDAP client. +.SH "OPTIONS" +This files contains a single XML element, as shown in the example above, with +several attributes. +.TP +The possible attributes are: +.TP +\fBusetls="yes"|"no"\fP +Determines whether an encrypted connection to the ldap server +should be attempted. +.TP +\fBtlsrequired="yes"|"no"\fP +This flag tells whether the ldap connection must be encrypted. If set to "yes", +the automounter will fail to start if an encrypted connection cannot be +established. +.TP +\fBauthrequired="yes"|"no"|"autodetect"|"simple"\fP +This option tells whether an authenticated connection to the ldap server is +required in order to perform ldap queries. If the flag is set to yes, only +sasl authenticated connections will be allowed. If it is set to no then +authentication is not needed for ldap server connections. If it is set to +autodetect then the ldap server will be queried to establish a suitable sasl +authentication mechanism. 
If no suitable mechanism can be found, connections +to the ldap server are made without authentication. Finally, if it is set to +simple, then simple authentication will be used instead of SASL. +.TP +\fBauthtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5"\fP +This attribute can be used to specify a preferred authentication mechanism. + In normal operations, the automounter will attempt to authenticate to the +ldap server using the list of supportedSASLmechanisms obtained from the +directory server. Explicitly setting the authtype will bypass this selection +and only try the mechanism specified. +.TP +\fBuser=""\fP +This attribute holds the authentication identity used by authentication +mechanisms that require it. Legal values for this attribute include any +printable characters that can be used by the selected authentication +mechanism. +.TP +\fBsecret=""\fP +This attribute holds the secret used by authentication mechanisms that +require it. Legal values for this attribute include any printable +characters that can be used by the selected authentication mechanism. +.TP +\fBclientprinc=""\fP +When using GSSAPI authentication, this attribute is consulted to determine +the principal name to use when authenticating to the directory server. By +default, this will be set to "autofsclient/@. +.TP +\fBcredentialcache=""\fP +When using GSSAPI authentication, this attribute can be used to specify an +externally configured credential cache that is used during authentication. +By default, autofs will setup a memory based credential cache. +.SH "SEE ALSO" +.BR auto.master (5), +.SH AUTHOR +This manual page was written by Ian Kent . --- autofs-5.0.5.orig/man/automount.8 +++ autofs-5.0.5/man/automount.8 
@@ -152,6 +152,7 @@ constructed has been detached from the m .BR autofs (8), .BR auto.master (5), .BR mount (8). +.BR autofs_ldap_auth.conf (5) .SH BUGS Don't know, I've fixed everything I know about. --- autofs-5.0.5.orig/samples/autofs_ldap_auth.conf +++ autofs-5.0.5/samples/autofs_ldap_auth.conf @@ -1,69 +1,7 @@
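Review bot: In the SEE ALSO hunks of man/auto.master.5.in, man/autofs.5, man/autofs.8.in and man/automount.8, the new `.BR autofs_ldap_auth.conf (5)` line is appended after an entry that already closes the list with a period (`.BR autofs (8).`, `.BR mount (8).`, `.BR auto.master (5).`). The rendered list therefore has a full stop in the middle and none at the end. Change the preceding entry's period to a comma and end the new line with a period, for example `.BR mount (8),` followed by `.BR autofs_ldap_auth.conf (5).`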
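Review bot: In the OPTIONS section of the new man/autofs_ldap_auth.conf.5.in, the `secret=""` entry documents a credential stored in this file, but nothing on the page says how the file itself must be protected; add a sentence stating the expected ownership and permissions. The downgrade cases also need to be explicit. The `usetls` entry only says an encrypted connection "should be attempted", so the page should state what happens with `usetls="yes"` and `tlsrequired="no"` when TLS cannot be established. The `authrequired` entry says `autodetect` ends in an unauthenticated connection when no mechanism is found, which deserves a pointer to `authrequired="yes"` for sites that must not fall back. Since `simple` binds and the PLAIN and LOGIN mechanisms pass the secret without protection of their own, it is worth recommending `tlsrequired="yes"` alongside them. Smaller points in the same hunk: "This files contains" should read "This file contains", the `.TP` before "The possible attributes are:" opens a tagged paragraph with no body and should be `.P`, and the lone SEE ALSO entry `.BR auto.master (5),` ends in a comma.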