make-sso
author Dan Fuhry <dan@enanocms.org>
Sat, 23 Feb 2013 14:26:38 -0500 (2013-02-23)
changeset 9 f4bf6556fb9f
parent 8 f68fdcc18df9
parent 6 3ac4e03f28b2
permissions -rwxr-xr-x
Merged
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     1
#!/bin/bash
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     2
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     3
set -e
8
f68fdcc18df9 Started on the database
Dan Fuhry <dan@enanocms.org>
parents: 5
diff changeset
     4
cd "`dirname $0`"
f68fdcc18df9 Started on the database
Dan Fuhry <dan@enanocms.org>
parents: 5
diff changeset
     5
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     6
. resources/functions
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     7
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     8
cat <<EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
     9
Welcome to SSO-in-a-Box! This script configures a stock Ubuntu 12.10 install
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    10
into a working Kerberos, LDAP, RADIUS and WebAuth server. We'll ask you for
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    11
details on your domain and your first administrative account, then get started
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    12
creating things.
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    13
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    14
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    15
>>>   If you have ANY existing LDAP or Kerberos database that you   <<<
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    16
>>>    want to save, EXIT THIS SCRIPT NOW by pressing Control-C.    <<<
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    17
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    18
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    19
EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    20
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    21
get_input()
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    22
{
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    23
	local var="$1"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    24
	local prompt="$2"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    25
	local prefill="${3:-}"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    26
	[ -n "$prefill" ] && prompt="${prompt} [${prefill}]"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    27
	eval "$var="\""$prefill"\"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    28
	while true; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    29
		read -p "$prompt: " "$var"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    30
		if [ -z "${!var}" ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    31
			if [ -n "$prefill" ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    32
				eval "$var="\""$prefill"\"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    33
				break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    34
			fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    35
		else
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    36
			break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    37
		fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    38
		echo "Invalid input."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    39
	done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    40
}
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    41
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    42
get_input fullname "Your full name"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    43
username=`echo "$fullname" | awk '{print $1;}' | tr '[A-Z]' '[a-z]'`
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    44
get_input username "Admin username" "$username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    45
password="`generate_password 16`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    46
#while true; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    47
#	stty -echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    48
#	get_input password "Admin password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    49
#	echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    50
#	get_input pconf "Confirm password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    51
#	stty echo; echo
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    52
#	[ "$password" = "$pconf" ] && break
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    53
#	echo "Passwords do not match."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    54
#done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    55
get_input domain "Domain name"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    56
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    57
domain="`echo $domain | tr '[:upper:]' '[:lower:]'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    58
ldap_suffix="dc=`echo $domain | sed -re 's/\./,dc=/g'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    59
krb5_realm="`echo $domain | tr '[:lower:]' '[:upper:]'`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    60
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    61
echo "Your LDAP suffix is: $ldap_suffix"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    62
echo "Your Kerberos V realm is: $krb5_realm"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    63
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    64
echo "Setting up your /etc/hosts file"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    65
patch_hosts_file
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    66
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    67
echo "Setting up your Kerberos V client config."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    68
generate_krb5_config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    69
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    70
echo "Updating apt, purging any existing SSO packages and installing stuff."
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    71
# silence apt etc.
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    72
export DEBIAN_FRONTEND=noninteractive
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    73
#apt-get update
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    74
apt-get remove --purge -y ${krb5_packages} ${ldap_packages} ${sasl_packages} \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    75
		${radius_packages} ${http_packages}
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    76
apt-get install -y ${krb5_packages} ${ldap_packages} ${sasl_packages} screen \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    77
		${radius_packages} build-essential libkrb5-dev libssl-dev acl \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    78
		${http_packages} libnet-ldap-perl php5-ldap php5-dev libyaml-dev \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    79
		libnl-dev
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    80
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    81
# stop any running services
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    82
if pidof apache2 > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    83
	invoke-rc.d apache2 stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    84
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    85
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    86
if pidof freeradius > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    87
	invoke-rc.d freeradius stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    88
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    89
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    90
if pidof kcrap_server > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    91
	killall kcrap_server
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    92
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    93
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    94
if pidof saslauthd > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    95
	invoke-rc.d saslauthd stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    96
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    97
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    98
if pidof slapd > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
    99
	invoke-rc.d slapd stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   100
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   101
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   102
if pidof krb5kdc > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   103
	invoke-rc.d krb5-kdc stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   104
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   105
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   106
if pidof kadmind > /dev/null; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   107
	invoke-rc.d krb5-admin-server stop
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   108
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   109
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   110
# LDAP setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   111
# remove any existing LDAP db
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   112
pidof slapd && killall -9 slapd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   113
if [ -f /var/lib/ldap/__db.001 ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   114
	rm -fv /var/lib/ldap/__db.* \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   115
		/var/lib/ldap/alock \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   116
		/var/lib/ldap/dn2id.bdb \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   117
		/var/lib/ldap/id2entry.bdb \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   118
		/var/lib/ldap/log.* \
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   119
		/var/lib/ldap/objectClass.bdb
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   120
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   121
ldap_manager_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   122
echo -n "$ldap_manager_pw" > /etc/ldap.secret
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   123
chmod 600 /etc/ldap.secret
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   124
ldap_manager_pw_hash="`echo "$ldap_manager_pw" | slappasswd -T /etc/ldap.secret`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   125
ldap_reader_pw="`generate_password 10`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   126
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   127
if [ -d /etc/ldap/slapd.d ]; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   128
	rm -rfv /etc/ldap/slapd.d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   129
fi
4
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   130
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   131
cp `dirname $0`/resources/openssh-lpk_openldap.schema /etc/ldap/schema/
2212b2ded8bf Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents: 0
diff changeset
   132
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   133
generate_slapd_config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   134
generate_base_ldif | slapadd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   135
chown -R openldap:openldap /var/lib/ldap
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   136
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   137
if ! grep -q "KRB5_KTNAME=/etc/ldap" /etc/default/slapd; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   138
	echo 'export KRB5_KTNAME="FILE:/etc/ldap/keytab"' >> /etc/default/slapd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   139
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   140
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   141
cat <<EOF > /etc/ldap/sasl2/slapd.conf
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   142
pwcheck_method: saslauthd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   143
saslauthd_path: /var/run/saslauthd/mux
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   144
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   145
EOF
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   146
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   147
# this allows slapd access to saslauthd's auth socket
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   148
gpasswd -a openldap sasl
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   149
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   150
# KDC setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   151
stash_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   152
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   153
# seeds /dev/random rather nicely...
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   154
screen -dmS hasher sh -c "find /usr/lib/ /usr/share/ -print0 -type f | xargs -0 -n1 sha1sum"
6
3ac4e03f28b2 Fixed kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
Dan Fuhry <dan@fuhry.us>
parents: 5
diff changeset
   155
if [ -f /var/lib/krb5kdc/principal ]; then
3ac4e03f28b2 Fixed kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
Dan Fuhry <dan@fuhry.us>
parents: 5
diff changeset
   156
	rm -fv /var/lib/krb5kdc/principal \
3ac4e03f28b2 Fixed kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
Dan Fuhry <dan@fuhry.us>
parents: 5
diff changeset
   157
			/var/lib/krb5kdc/principal.kadm5 \
3ac4e03f28b2 Fixed kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
Dan Fuhry <dan@fuhry.us>
parents: 5
diff changeset
   158
			/var/lib/krb5kdc/principal.kadm5.lock \
3ac4e03f28b2 Fixed kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
Dan Fuhry <dan@fuhry.us>
parents: 5
diff changeset
   159
			/var/lib/krb5kdc/principal.ok
0
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   160
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   161
echo -en "${stash_pw}\n${stash_pw}\n" | kdb5_util create -s
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   162
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   163
echo -e "*/admin\t*" > /etc/krb5kdc/kadm5.acl
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   164
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   165
invoke-rc.d krb5-kdc start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   166
invoke-rc.d krb5-admin-server start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   167
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   168
kadmin.local -q "ank -pw "\""${password}"\"" $username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   169
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   170
webkerb_pw="`generate_password 40`"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   171
kadmin.local -q "ank -pw "\""${webkerb_pw}"\"" webkerb/admin"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   172
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   173
kadmin.local -q "ank -randkey host/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   174
[ -f /etc/krb5.keytab ] && rm -f /etc/krb5.keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   175
kadmin.local -q "ktadd -norandkey -kt /etc/krb5.keytab host/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   176
kadmin.local -q "ank -randkey ldap/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   177
[ -f /etc/ldap/keytab ] && rm -f /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   178
kadmin.local -q "ktadd -norandkey -kt /etc/ldap/keytab ldap/ssoinabox.$domain"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   179
chown root:openldap /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   180
chmod 640 /etc/ldap/keytab
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   181
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   182
echo "/etc/ldap/keytab rk," > "/etc/apparmor.d/local/usr.sbin.slapd"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   183
invoke-rc.d apparmor restart
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   184
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   185
invoke-rc.d slapd start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   186
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   187
# SASL setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   188
configure_saslauthd
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   189
invoke-rc.d saslauthd start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   190
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   191
# KCRAP setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   192
build_kcrap > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   193
configure_kcrap
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   194
/usr/sbin/kcrap_server
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   195
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   196
# RADIUS setup
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   197
configure_freerad
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   198
invoke-rc.d freeradius start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   199
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   200
# RADIUS tests
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   201
test_freerad
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   202
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   203
# generate web stuff
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   204
generate_web_yaml
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   205
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   206
# apache config
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   207
for module in rewrite authz_dbm webauth webkdc; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   208
	a2enmod $module
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   209
done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   210
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   211
build_kadm5 > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   212
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   213
configure_webkdc
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   214
configure_webauth
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   215
configure_apache2
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   216
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   217
if pecl list | grep -q yaml; then
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   218
	pecl uninstall yaml
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   219
fi
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   220
yes "" | pecl install yaml > /dev/null
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   221
test -d /etc/php5/conf.d || mkdir /etc/php5/conf.d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   222
echo "extension=yaml.so" > /etc/php5/conf.d/yaml.ini
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   223
cp `dirname $0`/resources/ldap-groups.db /etc/apache2/ldap-groups
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   224
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   225
# install packages
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   226
for d in packages/*; do
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   227
	cd $d
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   228
	./build
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   229
	cd ../..
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   230
done
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   231
find packages -name \*.deb -type f | xargs dpkg -i
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   232
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   233
/usr/local/share/ssoinabox/bin/ldap-groups-to-dbm
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   234
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   235
invoke-rc.d apache2 start
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   236
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   237
echo "Passwords to remember (WRITE THESE DOWN):"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   238
echo "Kerberos master key:   $stash_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   239
echo "LDAP manager password: $ldap_manager_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   240
echo "LDAP reader DN:        cn=ldap-reader,ou=Roles,$ldap_suffix"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   241
echo "LDAP reader password:  $ldap_reader_pw"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   242
echo "Admin username:        $username"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   243
echo "Admin password:        $password"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   244
echo "Change your admin password by typing:"
3906ca745819 First commit!
Dan Fuhry <dan@fuhry.us>
parents:
diff changeset
   245
echo "  kadmin.local -q "\""cpw $username"\"""