Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
W
White Rabbit Switch - Software
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
83
Issues
83
List
Board
Labels
Milestones
Merge Requests
4
Merge Requests
4
CI / CD
CI / CD
Pipelines
Schedules
Wiki
Wiki
image/svg+xml
Discourse
Discourse
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Projects
White Rabbit Switch - Software
Commits
eff064e6
Commit
eff064e6
authored
Jan 31, 2019
by
Adam Wujek
💬
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Kconfig: add items for LDAP, kerberos and disable root login
Signed-off-by:
Adam Wujek
<
adam.wujek@cern.ch
>
parent
8b44ae65
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
89 additions
and
1 deletion
+89
-1
Kconfig
Kconfig
+89
-1
No files found.
Kconfig
View file @
eff064e6
...
@@ -170,8 +170,95 @@ config HOSTNAME_STRING
...
@@ -170,8 +170,95 @@ config HOSTNAME_STRING
help
help
Use this string as a static hostname of the switch.
Use this string as a static hostname of the switch.
menu "Authorization and authentication"
config ROOT_ACCESS_DISABLE
bool "Disable root access via ssh"
help
Used by ssh
config LDAP_ENABLE
bool "Enable LDAP authorization"
help
Enable LDAP authorization. Used by ssh.
config LDAP_SERVER
string "LDAP server"
depends on LDAP_ENABLE
help
LDAP server(s) e.g. ldap://xldap.cern.ch
config LDAP_SEARCH_BASE
string "LDAP search base"
depends on LDAP_ENABLE
help
LDAP search base e.g. dc=cern,dc=ch
choice
prompt "LDAP filter"
depends on LDAP_ENABLE
default LDAP_FILTER_NONE
config LDAP_FILTER_NONE
bool "Don't apply filter to LDAP"
help
Allow all LDAP users to log in.
config LDAP_FILTER_EGROUP
bool "Apply e-group filter to LDAP"
help
Allow logins only from an e-group defined in CONFIG_LDAP_FILTER_EGROUP_STR
This option is CERN specific.
config LDAP_FILTER_CUSTOM
bool "Apply custom filter to LDAP"
help
Provide custom filtering string for LDAP authorization.
endchoice
config LDAP_FILTER_EGROUP_STR
string "LDAP e-group"
depends on LDAP_FILTER_EGROUP
help
LDAP's e-group for authorization. This option is CERN specific.
config LDAP_FILTER_CUSTOM_STR
string "LDAP access filter string"
depends on LDAP_FILTER_CUSTOM
help
Custom string with a filter for LDAP authorization:
(memberOf=CN=white-rabbit-switch-root,OU=e-groups,OU=Workgroups,DC=cern,DC=ch)
choice
prompt "Authorization method"
depends on LDAP_ENABLE
default AUTH_KRB5
config AUTH_LDAP
bool "Enable LDAP authentication"
depends on LDAP_ENABLE
help
Used by ssh for authentication
config AUTH_KRB5
bool "Enable Kerberos authentication"
depends on LDAP_ENABLE
help
Used by ssh for authentication
endchoice
config AUTH_KRB5_SERVER
string "Kerberos server"
depends on AUTH_KRB5
help
Server name of Kerberos. Usually it is in capital letters.
For CERN, please use CERN.CH
menu "Root Password"
menu "Root Password"
config ROOT_PWD_IS_ENCRYPTED
config ROOT_PWD_IS_ENCRYPTED
bool "Should this file include an encripted root password?"
bool "Should this file include an encripted root password?"
help
help
...
@@ -195,11 +282,12 @@ config ROOT_PWD_CYPHER
...
@@ -195,11 +282,12 @@ config ROOT_PWD_CYPHER
depends on ROOT_PWD_IS_ENCRYPTED
depends on ROOT_PWD_IS_ENCRYPTED
help
help
The actual pre-encrypted string. This is stored at run time
The actual pre-encrypted string. This is stored at run time
into /etc/passwd, for ssh authentica
z
ion. To create the
into /etc/passwd, for ssh authentica
t
ion. To create the
string, please run "mkpasswd --method=md5 <password>"
string, please run "mkpasswd --method=md5 <password>"
endmenu
endmenu
endmenu # "Authorization and authentication"
config NTP_SERVER
config NTP_SERVER
string "IP address of local NTP server (empty for none)"
string "IP address of local NTP server (empty for none)"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment