make-sso
author Dan Fuhry <dan@fuhry.us>
Fri, 18 Jan 2013 19:59:50 -0500 (2013-01-19)
changeset 5 cdd708efa505
parent 4 2212b2ded8bf
child 6 3ac4e03f28b2
child 8 f68fdcc18df9
permissions -rwxr-xr-x
Apparently Ubuntu switched the location of Kerberos files?
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     1
#!/bin/bash
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     2
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     3
set -e
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     4
. resources/functions
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     5
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     6
cat <<EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     7
Welcome to SSO-in-a-Box! This script configures a stock Ubuntu 12.10 install
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     8
into a working Kerberos, LDAP, RADIUS and WebAuth server. We'll ask you for
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     9
details on your domain and your first administrative account, then get started
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    10
creating things.
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    11
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    12
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    13
>>>   If you have ANY existing LDAP or Kerberos database that you   <<<
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    14
>>>    want to save, EXIT THIS SCRIPT NOW by pressing Control-C.    <<<
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    15
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    16
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    17
EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    18
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    19
get_input()
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    20
{
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    21
	local var="$1"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    22
	local prompt="$2"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    23
	local prefill="${3:-}"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    24
	[ -n "$prefill" ] && prompt="${prompt} [${prefill}]"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    25
	eval "$var="\""$prefill"\"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    26
	while true; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    27
		read -p "$prompt: " "$var"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    28
		if [ -z "${!var}" ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    29
			if [ -n "$prefill" ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    30
				eval "$var="\""$prefill"\"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    31
				break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    32
			fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    33
		else
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    34
			break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    35
		fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    36
		echo "Invalid input."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    37
	done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    38
}
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    39
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    40
get_input fullname "Your full name"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    41
username=`echo "$fullname" | awk '{print $1;}' | tr '[A-Z]' '[a-z]'`
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    42
get_input username "Admin username" "$username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    43
password="`generate_password 16`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    44
#while true; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    45
#	stty -echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    46
#	get_input password "Admin password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    47
#	echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    48
#	get_input pconf "Confirm password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    49
#	stty echo; echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    50
#	[ "$password" = "$pconf" ] && break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    51
#	echo "Passwords do not match."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    52
#done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    53
get_input domain "Domain name"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    54
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    55
domain="`echo $domain | tr '[:upper:]' '[:lower:]'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    56
ldap_suffix="dc=`echo $domain | sed -re 's/\./,dc=/g'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    57
krb5_realm="`echo $domain | tr '[:lower:]' '[:upper:]'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    58
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    59
echo "Your LDAP suffix is: $ldap_suffix"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    60
echo "Your Kerberos V realm is: $krb5_realm"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    61
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    62
echo "Setting up your /etc/hosts file"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    63
patch_hosts_file
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    64
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    65
echo "Setting up your Kerberos V client config."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    66
generate_krb5_config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    67
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    68
echo "Updating apt, purging any existing SSO packages and installing stuff."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    69
# silence apt etc.
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    70
export DEBIAN_FRONTEND=noninteractive
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    71
#apt-get update
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    72
apt-get remove --purge -y ${krb5_packages} ${ldap_packages} ${sasl_packages} \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    73
		${radius_packages} ${http_packages}
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    74
apt-get install -y ${krb5_packages} ${ldap_packages} ${sasl_packages} screen \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    75
		${radius_packages} build-essential libkrb5-dev libssl-dev acl \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    76
		${http_packages} libnet-ldap-perl php5-ldap php5-dev libyaml-dev \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    77
		libnl-dev
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    78
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    79
# stop any running services
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    80
if pidof apache2 > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    81
	invoke-rc.d apache2 stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    82
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    83
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    84
if pidof freeradius > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    85
	invoke-rc.d freeradius stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    86
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    87
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    88
if pidof kcrap_server > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    89
	killall kcrap_server
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    90
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    91
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    92
if pidof saslauthd > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    93
	invoke-rc.d saslauthd stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    94
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    95
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    96
if pidof slapd > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    97
	invoke-rc.d slapd stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    98
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    99
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   100
if pidof krb5kdc > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   101
	invoke-rc.d krb5-kdc stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   102
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   103
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   104
if pidof kadmind > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   105
	invoke-rc.d krb5-admin-server stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   106
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   107
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   108
# LDAP setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   109
# remove any existing LDAP db
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   110
pidof slapd && killall -9 slapd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   111
if [ -f /var/lib/ldap/__db.001 ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   112
	rm -fv /var/lib/ldap/__db.* \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   113
		/var/lib/ldap/alock \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   114
		/var/lib/ldap/dn2id.bdb \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   115
		/var/lib/ldap/id2entry.bdb \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   116
		/var/lib/ldap/log.* \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   117
		/var/lib/ldap/objectClass.bdb
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   118
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   119
ldap_manager_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   120
echo -n "$ldap_manager_pw" > /etc/ldap.secret
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   121
chmod 600 /etc/ldap.secret
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   122
ldap_manager_pw_hash="`echo "$ldap_manager_pw" | slappasswd -T /etc/ldap.secret`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   123
ldap_reader_pw="`generate_password 10`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   124
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   125
if [ -d /etc/ldap/slapd.d ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   126
	rm -rfv /etc/ldap/slapd.d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   127
fi
4
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   128
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   129
cp `dirname $0`/resources/openssh-lpk_openldap.schema /etc/ldap/schema/
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   130
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   131
generate_slapd_config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   132
generate_base_ldif | slapadd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   133
chown -R openldap:openldap /var/lib/ldap
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   134
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   135
if ! grep -q "KRB5_KTNAME=/etc/ldap" /etc/default/slapd; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   136
	echo 'export KRB5_KTNAME="FILE:/etc/ldap/keytab"' >> /etc/default/slapd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   137
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   138
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   139
cat <<EOF > /etc/ldap/sasl2/slapd.conf
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   140
pwcheck_method: saslauthd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   141
saslauthd_path: /var/run/saslauthd/mux
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   142
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   143
EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   144
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   145
# this allows slapd access to saslauthd's auth socket
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   146
gpasswd -a openldap sasl
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   147
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   148
# KDC setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   149
stash_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   150
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   151
# seeds /dev/random rather nicely...
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   152
screen -dmS hasher sh -c "find /usr/lib/ /usr/share/ -print0 -type f | xargs -0 -n1 sha1sum"
5
cdd708efa505 Apparently Ubuntu switched the location of Kerberos files?
Dan Fuhry <dan@fuhry.us>
parents: 4
diff changeset
   153
if [ -f /etc/krb5kdc/principal ]; then
cdd708efa505 Apparently Ubuntu switched the location of Kerberos files?
Dan Fuhry <dan@fuhry.us>
parents: 4
diff changeset
   154
	rm -fv /etc/krb5kdc/principal \
cdd708efa505 Apparently Ubuntu switched the location of Kerberos files?
Dan Fuhry <dan@fuhry.us>
parents: 4
diff changeset
   155
			/etc/krb5kdc/principal.kadm5 \
cdd708efa505 Apparently Ubuntu switched the location of Kerberos files?
Dan Fuhry <dan@fuhry.us>
parents: 4
diff changeset
   156
			/etc/krb5kdc/principal.kadm5.lock \
cdd708efa505 Apparently Ubuntu switched the location of Kerberos files?
Dan Fuhry <dan@fuhry.us>
parents: 4
diff changeset
   157
			/etc/krb5kdc/principal.ok
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   158
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   159
echo -en "${stash_pw}\n${stash_pw}\n" | kdb5_util create -s
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   160
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   161
echo -e "*/admin\t*" > /etc/krb5kdc/kadm5.acl
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   162
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   163
invoke-rc.d krb5-kdc start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   164
invoke-rc.d krb5-admin-server start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   165
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   166
kadmin.local -q "ank -pw "\""${password}"\"" $username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   167
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   168
webkerb_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   169
kadmin.local -q "ank -pw "\""${webkerb_pw}"\"" webkerb/admin"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   170
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   171
kadmin.local -q "ank -randkey host/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   172
[ -f /etc/krb5.keytab ] && rm -f /etc/krb5.keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   173
kadmin.local -q "ktadd -norandkey -kt /etc/krb5.keytab host/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   174
kadmin.local -q "ank -randkey ldap/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   175
[ -f /etc/ldap/keytab ] && rm -f /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   176
kadmin.local -q "ktadd -norandkey -kt /etc/ldap/keytab ldap/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   177
chown root:openldap /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   178
chmod 640 /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   179
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   180
echo "/etc/ldap/keytab rk," > "/etc/apparmor.d/local/usr.sbin.slapd"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   181
invoke-rc.d apparmor restart
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   182
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   183
invoke-rc.d slapd start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   184
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   185
# SASL setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   186
configure_saslauthd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   187
invoke-rc.d saslauthd start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   188
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   189
# KCRAP setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   190
build_kcrap > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   191
configure_kcrap
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   192
/usr/sbin/kcrap_server
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   193
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   194
# RADIUS setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   195
configure_freerad
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   196
invoke-rc.d freeradius start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   197
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   198
# RADIUS tests
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   199
test_freerad
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   200
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   201
# generate web stuff
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   202
generate_web_yaml
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   203
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   204
# apache config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   205
for module in rewrite authz_dbm webauth webkdc; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   206
	a2enmod $module
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   207
done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   208
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   209
build_kadm5 > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   210
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   211
configure_webkdc
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   212
configure_webauth
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   213
configure_apache2
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   214
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   215
if pecl list | grep -q yaml; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   216
	pecl uninstall yaml
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   217
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   218
yes "" | pecl install yaml > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   219
test -d /etc/php5/conf.d || mkdir /etc/php5/conf.d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   220
echo "extension=yaml.so" > /etc/php5/conf.d/yaml.ini
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   221
cp `dirname $0`/resources/ldap-groups.db /etc/apache2/ldap-groups
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   222
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   223
# install packages
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   224
for d in packages/*; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   225
	cd $d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   226
	./build
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   227
	cd ../..
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   228
done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   229
find packages -name \*.deb -type f | xargs dpkg -i
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   230
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   231
/usr/local/share/ssoinabox/bin/ldap-groups-to-dbm
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   232
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   233
invoke-rc.d apache2 start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   234
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   235
echo "Passwords to remember (WRITE THESE DOWN):"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   236
echo "Kerberos master key:   $stash_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   237
echo "LDAP manager password: $ldap_manager_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   238
echo "LDAP reader DN:        cn=ldap-reader,ou=Roles,$ldap_suffix"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   239
echo "LDAP reader password:  $ldap_reader_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   240
echo "Admin username:        $username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   241
echo "Admin password:        $password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   242
echo "Change your admin password by typing:"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   243
echo "  kadmin.local -q "\""cpw $username"\"""