Module: Yast::KerberosClientDialogsInclude

Defined in:
../../src/include/kerberos-client/dialogs.rb


Instance Method Details

- (Object) AdvancedDialog

Kerberos advanced configuration

Returns:

  • dialog result



# File '../../src/include/kerberos-client/dialogs.rb', line 1066

# Run the advanced Kerberos client configuration dialog (tabbed CWM dialog).
#
# A working copy of the expert settings is kept in @ExpertSettings: it is
# Kerberos.ExpertSettings merged with the values the Kerberos module holds in
# separate attributes. When the dialog returns :next the working copy is
# written back to the Kerberos module; for any other result this method
# writes nothing back.
#
# No validation happens here: the values are taken from @ExpertSettings in
# the form the widgets stored them.
#
# @return dialog result as returned by CWM.ShowAndRun
def AdvancedDialog
  @text_mode = Ops.get_boolean(UI.GetDisplayInfo, "TextMode", false)

  saved_expert = Kerberos.ExpertSettings
  module_values = {
    "minimum_uid"     => Kerberos.minimum_uid,
    "ticket_lifetime" => Kerberos.ticket_lifetime,
    "renew_lifetime"  => Kerberos.renew_lifetime,
    "forwardable"     => Kerberos.forwardable,
    "proxiable"       => Kerberos.proxiable,
    "ignore_unknown"  => Kerberos.ignore_unknown,
    "clockskew"       => Kerberos.clockskew,
    "ssh_support"     => Kerberos.ssh_support
  }
  @ExpertSettings = Convert.convert(
    Builtins.union(saved_expert, module_values),
    from: "map",
    to:   "map <string, any>"
  )

  # The tab widget is itself registered in the widget description map.
  tab_widget = CWMTab.CreateWidget(
    {
      "tab_order"    => ["main", "pam_expert", "services"],
      "tabs"         => get_tabs_descr,
      "widget_descr" => @widget_description,
      "initial_tab"  => "main"
    }
  )
  Ops.set(@widget_description, "tab", tab_widget)

  Wizard.SetContentsButtons("", VBox(), "", Label.CancelButton, Label.OKButton)

  dialog_setup = {
    "widget_names" => ["tab"],
    "widget_descr" => @widget_description,
    "contents"     => VBox("tab"),
    # default dialog caption
    "caption"      => _("Advanced Kerberos Client Configuration"),
    "back_button"  => Label.CancelButton,
    "next_button"  => Label.OKButton,
    "abort_button" => nil
  }
  ret = CWM.ShowAndRun(dialog_setup)
  Builtins.y2milestone("Returning %1", ret)
  return ret unless ret == :next

  # String-valued settings; the third argument is the fallback used when the
  # key is missing from the working copy.
  Kerberos.minimum_uid = Ops.get_string(@ExpertSettings, "minimum_uid", "1")
  Kerberos.ticket_lifetime = Ops.get_string(@ExpertSettings, "ticket_lifetime", "1d")
  Kerberos.renew_lifetime = Ops.get_string(@ExpertSettings, "renew_lifetime", "1d")
  Kerberos.clockskew = Ops.get_string(@ExpertSettings, "clockskew", "300")
  Kerberos.forwardable = Ops.get_string(@ExpertSettings, "forwardable", "false")
  Kerberos.proxiable = Ops.get_string(@ExpertSettings, "proxiable", "false")

  # Boolean settings also raise a "modified" flag, but only on a real change.
  ssh_wanted = Ops.get_boolean(@ExpertSettings, "ssh_support", false)
  if ssh_wanted != Kerberos.ssh_support
    Kerberos.ssh_modified = true
    Kerberos.ssh_support = ssh_wanted
  end

  ignore_wanted = Ops.get_boolean(@ExpertSettings, "ignore_unknown", false)
  if ignore_wanted != Kerberos.ignore_unknown
    Kerberos.pam_modified = true
    Kerberos.ignore_unknown = ignore_wanted
  end

  # ssh_support, ignore_unknown are not from /etc/krb5.conf, so both are
  # dropped from the map handed back to the Kerberos module.
  @ExpertSettings = Builtins.remove(@ExpertSettings, "ssh_support")
  Kerberos.ExpertSettings = Builtins.remove(@ExpertSettings, "ignore_unknown")

  ret
end

- (Object) check_address(address)

Check the validity of the entered address. The check also accepts an optional port number after a colon.



# File '../../src/include/kerberos-client/dialogs.rb', line 690

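# Validate one KDC address entry, optionally followed by ":port".
#
# The entry is split on ":". A single part is handed to Address.Check as is.
# Two parts are treated as host and port: the host must pass Address.Check
# and the port must be a decimal number in the range 1..65535. Anything with
# more than one colon is rejected, which also means an IPv6 literal is never
# accepted by this check.
#
# @param address [String] host name or IP address, optionally "host:port"
# @return [Boolean] true when the entry is acceptable
def check_address(address)
  parts = Builtins.splitstring(address, ":")
  case Builtins.size(parts)
  when 1
    Address.Check(address)
  when 2
    return false unless Address.Check(Ops.get_string(parts, 0, ""))

    port = Ops.get_string(parts, 1, "0")
    # \A and \z bind to the whole string, so the digits-only check does not
    # depend on how line anchors are treated for multi-line input.
    return false unless /\A[0-9]+\z/ =~ port

    # Digits alone are not enough: 0 and anything above 65535 is not a port.
    port.to_i.between?(1, 65_535)
  else
    false
  end
end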

- (Object) ConfigureDialog

Dialog for configuring Kerberos client (values in /etc/krb5.conf)

Returns:

  • dialog result



# File '../../src/include/kerberos-client/dialogs.rb', line 704

# Run the main Kerberos client dialog (the values kept in /etc/krb5.conf).
#
# Builds the dialog, then loops on UI.UserInput until the user leaves with
# :next, :advanced, :back, :cancel or :abort. On :next and :advanced the
# entered realm, domain, KDC list and DNS flag are written to the Kerberos
# module; a change of the "use Kerberos" radio button also sets
# Kerberos.pam_modified.
#
# Checks done before the values are accepted (only when Kerberos is enabled):
# the realm and the KDC field must be non-empty and every entry of the KDC
# field (split on space and tab) must pass check_address. The default domain
# is stored as entered.
#
# @return [Symbol] the last user input (one of the five symbols above)
def ConfigureDialog
  # help text 1/5
  help_text = _(
    "<p>\n" +
      "<b><big>Authentication with Kerberos</big></b><br>\n" +
      "The Kerberos client configuration updates your PAM settings to enable Kerberos authentication.  Your system needs access to a Kerberos server in the network for this to work.\n" +
      "</p>\n"
  ) +
    # help text 2/5
    _(
      "<p>\n" +
        "<b>Basic Client Settings</b>:\n" +
        "Enter your <b>Default Domain</b>, <b>Default Realm</b>, and the hostname or address of your Key Distribution Center (<b>KDC Server Address</b>). To specify more values for KDC, separate them by spaces.</p>"
    ) +
    # help text 3/5
    _(
      "<p>\nIt is common practice to use the domain name in uppercase as your default realm name, but you can select freely. If the realm is not available on the server, you cannot log in.  Ask your server administrator if you need more information.</p>\n"
    ) +
    # help text for Use DNS to acquire the configuration data at runtime
    _(
      "Check <b>Use DNS to Acquire the Configuration Data at Runtime</b> to let your client use the Kerberos authentication data provided by DNS. This option cannot be selected if the DNS server does not provide such data.</p>"
    ) +
    # help text 5/5
    _("<p>To configure more settings, click <b>Advanced Settings</b>.</p>")

  # during installation (Stage.cont, and not started with the "from_users"
  # argument) Kerberos is preselected
  installation = Stage.cont && !Builtins.contains(WFM.Args, "from_users")
  # local working copies; they reach the Kerberos module only at the end
  default_realm = Kerberos.default_realm
  kdc = Kerberos.kdc
  default_domain = Kerberos.default_domain
  use_pam_krb = Kerberos.use_pam_krb || installation
  dns_used = Kerberos.dns_used
  dns_available = Kerberos.dns_available

  con = HBox(
    HSpacing(3),
    VBox(
      VSpacing(0.5),
      RadioButtonGroup(
        Id(:rd),
        Left(
          HVSquash(
            VBox(
              # radio button label
              Left(
                RadioButton(
                  Id(:pamno),
                  Opt(:notify),
                  _("Do No&t Use Kerberos"),
                  !use_pam_krb
                )
              ),
              # radio button label
              Left(
                RadioButton(
                  Id(:pamyes),
                  Opt(:notify),
                  _("&Use Kerberos"),
                  use_pam_krb
                )
              )
            )
          )
        )
      ),
      VSpacing(0.2),
      Left(
        HBox(
          HSpacing(2),
          CheckBox(
            Id(:dns),
            Opt(:notify),
            # checkbox label
            _("Use DN&S to acquire the configuration data at runtime"),
            dns_used
          )
        )
      ),
      VSpacing(),
      # frame label
      Frame(
        _("Basic Kerberos Settings"),
        HBox(
          HSpacing(0.5),
          VBox(
            VSpacing(0.5),
            HBox(
              # textentry label
              TextEntry(Id(:domain), _("Default &Domain"), default_domain),
              # textentry label
              TextEntry(Id(:realm), _("Default Real&m"), default_realm)
            ),
            # textentry label
            TextEntry(Id(:kdc), _("&KDC Server Address"), kdc),
            # infield label
            VSpacing(0.5)
          ),
          HSpacing(0.5)
        )
      ),
      VSpacing(0.6),
      # pushbutton label
      Right(PushButton(Id(:advanced), _("Ad&vanced Settings..."))),
      VSpacing(0.2)
    ),
    HSpacing(3)
  )

  Wizard.SetContentsButtons(
    # dialog title
    _("Kerberos Client Configuration"),
    con,
    help_text,
    Stage.cont ? Label.BackButton : Label.CancelButton,
    Stage.cont ? Label.NextButton : Label.OKButton
  )
  if Stage.cont
    Wizard.RestoreAbortButton
  else
    Wizard.HideAbortButton
  end

  # initial widget state: everything depends on the radio button; realm,
  # domain and kdc are additionally disabled while the DNS box is checked
  UI.ChangeWidget(Id(:dns), :Enabled, dns_available && use_pam_krb)
  Builtins.foreach([:realm, :domain, :kdc, :advanced]) do |widget|
    UI.ChangeWidget(Id(widget), :Enabled, use_pam_krb)
    if widget != :advanced && use_pam_krb
      UI.ChangeWidget(Id(widget), :Enabled, !dns_used)
    end
  end

  result = nil
  # event loop; the `next` statements below jump to the loop condition, and
  # since result is :not_next at that point the dialog keeps running
  begin
    result = Convert.to_symbol(UI.UserInput)

    if result == :pamyes || result == :pamno
      use_pam_krb = result == :pamyes
      # NOTE(review): unlike the initial setup above, this re-enables realm,
      # domain and kdc even when the DNS box is checked (dns_used is not
      # consulted here) - confirm whether that is intended.
      Builtins.foreach([:realm, :domain, :kdc, :advanced]) do |widget|
        UI.ChangeWidget(Id(widget), :Enabled, use_pam_krb)
      end
      UI.ChangeWidget(Id(:dns), :Enabled, dns_available && use_pam_krb)
    end
    if result == :dns
      dns_used = Convert.to_boolean(UI.QueryWidget(Id(:dns), :Value))
      Builtins.foreach([:realm, :domain, :kdc]) do |widget|
        UI.ChangeWidget(Id(widget), :Enabled, !dns_used)
      end
      # fill the values with the ones provided by DNS...
      # (this runs for both checking and unchecking the box)
      # NOTE(review): these are whatever the Kerberos module obtained from
      # DNS; plain DNS answers are not authenticated, so with this option the
      # realm and KDC are only as trustworthy as the resolver path - confirm
      # that is acceptable for the deployment.
      UI.ChangeWidget(Id(:realm), :Value, Kerberos.dns_default_realm)
      UI.ChangeWidget(Id(:kdc), :Value, Kerberos.dns_kdc)
    end

    if result == :next || result == :advanced
      # read the current widget values, then validate them
      default_realm = Convert.to_string(UI.QueryWidget(Id(:realm), :Value))
      default_domain = Convert.to_string(
        UI.QueryWidget(Id(:domain), :Value)
      )
      kdc = Convert.to_string(UI.QueryWidget(Id(:kdc), :Value))
      dns_used = Convert.to_boolean(UI.QueryWidget(Id(:dns), :Value))

      if use_pam_krb && default_realm == ""
        # error popup label
        Report.Error(_("Enter the default realm name."))
        UI.SetFocus(Id(:realm))
        result = :not_next
        next
      end

      if use_pam_krb && kdc == ""
        # error popup label
        Report.Error(_("Enter the address of the KDC server."))
        UI.SetFocus(Id(:kdc))
        result = :not_next
        next
      end
      if use_pam_krb
        # the KDC field may hold several entries separated by space or tab;
        # one failing entry rejects the whole field
        kdcs = Builtins.splitstring(kdc, " \t")
        checked = true
        Builtins.foreach(kdcs) { |k| checked = checked && check_address(k) }
        if !checked
          # error popup label
          Report.Error(
            Ops.add(
              _("The KDC server address is invalid.") + "\n\n",
              Address.Valid4
            )
          )
          UI.SetFocus(Id(:kdc))
          result = :not_next
          next
        end
      end
    end
    # leaving without saving: stay in the dialog unless ReallyAbort()
    # returns :abort
    if (result == :abort || result == :cancel || result == :back) &&
        ReallyAbort() != :abort
      result = :not_next
    end
    if result == :next && use_pam_krb
      # the required packages must be installed before Kerberos is enabled;
      # on failure the dialog falls back to "do not use Kerberos"
      if !Package.InstallAll(Kerberos.RequiredPackages)
        result = :not_next
        use_pam_krb = false
        UI.ChangeWidget(Id(:rd), :Value, :pamno)
        Builtins.foreach([:realm, :domain, :kdc, :advanced, :dns]) do |widget|
          UI.ChangeWidget(Id(widget), :Enabled, use_pam_krb)
        end
      end
    end
  end while !Builtins.contains([:back, :cancel, :abort, :next, :advanced], result)

  # write the working copies back; :advanced saves them as well, before the
  # caller moves on
  if result == :next || result == :advanced
    Kerberos.modified = true
    Kerberos.default_domain = default_domain
    Kerberos.default_realm = default_realm
    Kerberos.kdc = kdc
    Kerberos.dns_used = dns_used

    if use_pam_krb != Kerberos.use_pam_krb
      Kerberos.pam_modified = true
      Kerberos.use_pam_krb = use_pam_krb
    end
  end
  result
end

- (Object) get_tabs_descr

description of tab layouts



# File '../../src/include/kerberos-client/dialogs.rb', line 928

# Describe the tab layouts of the advanced dialog.
#
# Each entry maps a tab id to its translated "header", its "contents" term
# (widget ids appear as plain strings inside the layout) and the
# "widget_names" list of the ids used by that layout.
#
# @return [Hash] tab id => tab description
def get_tabs_descr
  main_tab = {
    # tab header
    "header"       => _("PAM Settings"),
    "contents"     => Top(
      HBox(
        HSpacing(3),
        VBox(
          VSpacing(0.4),
          # frame label
          Frame(
            _("Ticket Attributes"),
            HBox(
              HSpacing(0.5),
              VBox(
                VSpacing(0.4),
                "ticket_lifetime",
                "renew_lifetime",
                HBox("forwardable", HSpacing(0.5), "proxiable"),
                VSpacing(0.4)
              ),
              HSpacing(0.5)
            )
          ),
          VSpacing(0.4),
          Left("ssh_support"),
          VSpacing(0.2),
          Left("ignore_unknown"),
          VSpacing(0.4),
          "minimum_uid",
          HBox("clockskew", VBox(Label(""), "ntp")),
          VSpacing(0.6),
          Left("nss_client")
        ),
        HSpacing(3)
      )
    ),
    "widget_names" => %w[
      ticket_lifetime renew_lifetime forwardable proxiable ssh_support
      ignore_unknown minimum_uid clockskew ntp nss_client
    ]
  }

  pam_expert_tab = {
    # tab header
    "header"       => _("Expert PAM Settings"),
    "contents"     => HBox(
      HSpacing(2),
      VBox(
        VSpacing(0.4),
        # each path entry sits next to its own "browse" button
        HBox("keytab", VBox(Label(""), "browse_keytab")),
        HBox("ccache_dir", VBox(Label(""), "browse_ccache_dir")),
        "ccname_template",
        "mappings",
        "banner",
        VStretch()
      ),
      HSpacing(2)
    ),
    "widget_names" => %w[
      keytab browse_keytab ccache_dir browse_ccache_dir ccname_template
      mappings banner
    ]
  }

  services_tab = {
    # tab header
    "header"       => _("PAM Services"),
    "contents"     => HBox(
      HSpacing(2),
      VBox(
        "services_help",
        VSpacing(0.4),
        "addressless",
        # an "existing_ticket" entry (with its spacing) is left out here
        VSpacing(0.4),
        "external",
        VSpacing(0.4),
        "use_shmem",
        VSpacing(0.4),
        "validate",
        VSpacing(0.4),
        HBox(HWeight(1, "debug"), HSpacing(0.5), HWeight(1, "debug_sensitive")),
        VSpacing(0.4),
        HBox(
          HWeight(1, "initial_prompt"),
          HSpacing(0.5),
          HWeight(1, "subsequent_prompt")
        ),
        VSpacing(0.4),
        VStretch()
      ),
      HSpacing(2)
    ),
    "widget_names" => %w[
      services_help addressless external use_shmem validate debug
      debug_sensitive initial_prompt subsequent_prompt
    ]
  }

  # Placeholder tab without widgets; it is not listed in the "tab_order" that
  # AdvancedDialog passes to CWMTab.CreateWidget.
  realms_tab = {
    # tab header
    "header"       => _("Realm Settings"),
    "contents"     => HBox(
      HSpacing(2),
      VBox(VSpacing(0.4), Empty(Opt(:hstretch, :vstretch))),
      HSpacing(2)
    ),
    "widget_names" => []
  }

  {
    "main"       => main_tab,
    "pam_expert" => pam_expert_tab,
    "services"   => services_tab,
    "realms"     => realms_tab
  }
end

- (Object) HandleBrowseDirectory(key, event)

universal handler for directory browsing



# File '../../src/include/kerberos-client/dialogs.rb', line 595

# Handle a click on a "browse" button that selects a directory.
#
# The button key is the target widget id with a 7-character prefix (as in
# "browse_ccache_dir" for "ccache_dir"); events of other widgets are ignored.
# A chosen directory is put into the target widget and stored via
# StoreDescription. The path is taken as the picker returns it; nothing about
# the directory (owner, permissions) is checked here.
#
# @param key [String] id of the browse button
# @param event [Hash] UI event map
# @return [nil]
def HandleBrowseDirectory(key, event)
  event = deep_copy(event)
  return nil unless Ops.get(event, "ID") == key

  target = Builtins.substring(key, 7)
  start_dir = Convert.to_string(UI.QueryWidget(Id(target), :Value))
  start_dir = "" if start_dir.nil?

  # directory location popup label
  chosen = UI.AskForExistingDirectory(start_dir, _("Path to Directory"))
  # nil means the popup was left without a selection
  unless chosen.nil?
    UI.ChangeWidget(Id(target), :Value, chosen)
    StoreDescription(target, {})
  end
  nil
end

- (Object) HandleBrowseFile(key, event)

universal handler for looking up files



# File '../../src/include/kerberos-client/dialogs.rb', line 611

# Handle a click on a "browse" button that selects an existing file.
#
# The button key is the target widget id with a 7-character prefix (as in
# "browse_keytab" for "keytab"); events of other widgets are ignored. A
# chosen file is put into the target widget and stored via StoreDescription.
#
# NOTE(review): the path is taken as the picker returns it. When the target
# is the keytab location, the file holds long-term keys; ownership and
# permissions of the selected file are not checked here.
#
# @param key [String] id of the browse button
# @param event [Hash] UI event map
# @return [nil]
def HandleBrowseFile(key, event)
  event = deep_copy(event)
  return nil unless Ops.get(event, "ID") == key

  target = Builtins.substring(key, 7)
  start_path = Convert.to_string(UI.QueryWidget(Id(target), :Value))
  start_path = "" if start_path.nil?

  # file location popup label
  chosen = UI.AskForExistingFile(start_path, "", _("Path to File"))
  # nil means the popup was left without a selection
  unless chosen.nil?
    UI.ChangeWidget(Id(target), :Value, chosen)
    StoreDescription(target, {})
  end
  nil
end

- (Object) HandleClientCallButton(key, event)

handler for Configure User Data menubutton + NTP client button



# File '../../src/include/kerberos-client/dialogs.rb', line 569

# Handle the "Configure User Data" menu button and the NTP client button.
#
# Only two kinds of event are acted on: a "MenuEvent" delivered to the
# "nss_client" widget, and an event of the "ntp" widget whose ID is "ntp".
# The event ID is then compared against the fixed list ldap / nis / ntp
# before it is used to build the package name ("yast2-<id>-client") and the
# client name ("<id>-client"), so no other value from the event map can
# reach Package.Install or WFM.CallFunction. The client is started only when
# the package installation succeeds.
#
# @param key [String] id of the widget the handler is called for
# @param event [Hash] UI event map
# @return [nil]
def HandleClientCallButton(key, event)
  event = deep_copy(event)
  event_id = Ops.get(event, "ID")

  from_user_data_menu = key == "nss_client" &&
    Ops.get_string(event, "EventType", "") == "MenuEvent"
  from_ntp_button = key == "ntp" && event_id == key
  return nil unless from_user_data_menu || from_ntp_button

  # fixed list of clients this dialog may start
  known_client = ["ldap", "nis", "ntp"].any? { |name| event_id == name }
  return nil unless known_client

  package = Builtins.sformat("yast2-%1-client", event_id)
  if Package.Install(package)
    WFM.CallFunction(Ops.add(Convert.to_string(event_id), "-client"), [])
  end
  nil
end

- (Object) HandleDescription(key, event)

handler for general string-value widgets: store their value on exit/save



# File '../../src/include/kerberos-client/dialogs.rb', line 550

# Generic handler for value widgets: when the event ID is :next, the widget
# value is saved through StoreDescription; every other event is ignored.
#
# @param key [String] id of the widget
# @param event [Hash] UI event map
# @return [nil]
def HandleDescription(key, event)
  event = deep_copy(event)
  leaving_with_next = Ops.get(event, "ID") == :next
  # store the value on exiting
  StoreDescription(key, event) if leaving_with_next
  nil
end

- (Object) InitCheckBox(id)

universal widget: initialize the string value of the widget given by the id parameter



# File '../../src/include/kerberos-client/dialogs.rb', line 558

# Initialize a checkbox widget from the working copy of the expert settings.
#
# The boolean stored in @ExpertSettings under the widget id is used; false is
# the fallback when the key is missing.
#
# @param id [String] widget id, also the key in @ExpertSettings
# @return [nil]
def InitCheckBox(id)
  checked = Ops.get_boolean(@ExpertSettings, id, false)
  UI.ChangeWidget(Id(id), :Value, checked)
  nil
end

- (Object) InitCombo(id)

initialize the value of combo box



# File '../../src/include/kerberos-client/dialogs.rb', line 627

# Fill a combo box with its items and preselect the stored value.
#
# Three fixed items are always offered ("true", "false" and the empty
# string). A stored value that is none of them is appended as an extra,
# selected item whose label is the value itself.
#
# @param id [String] widget id, also the key in @ExpertSettings
# @return [nil]
def InitCombo(id)
  current = Ops.get_string(@ExpertSettings, id, "")
  presets = [
    # combo box item
    ["true", _("All services")],
    # combo box item
    ["false", _("No services")],
    # combo box item
    ["", _("Not set")]
  ]
  items = presets.map { |value, label| Item(Id(value), label, value == current) }

  # a free-text value (the stored string, shown as is) becomes its own item
  unless Builtins.contains(presets.map(&:first), current)
    items = Builtins.add(items, Item(Id(current), current, true))
  end
  UI.ChangeWidget(Id(id), :Items, items)

  nil
end

- (Object) InitDescription(id)

universal widget: initialize the string value of the widget given by the id parameter



# File '../../src/include/kerberos-client/dialogs.rb', line 522

# Initialize a value widget from the working copy of the expert settings.
#
# The string stored in @ExpertSettings under the widget id is shown as is,
# with "" as the fallback. The one exception is "minimum_uid", whose stored
# string is converted with Builtins.tointeger before it is set.
#
# @param id [String] widget id, also the key in @ExpertSettings
# @return [nil]
def InitDescription(id)
  stored = Ops.get_string(@ExpertSettings, id, "")
  shown = id == "minimum_uid" ? Builtins.tointeger(stored) : stored
  UI.ChangeWidget(Id(id), :Value, shown)

  nil
end

- (Object) initialize_kerberos_client_dialogs(include_target)



# File '../../src/include/kerberos-client/dialogs.rb', line 30

def initialize_kerberos_client_dialogs(include_target)
  Yast.import "UI"

  textdomain "kerberos"

  Yast.import "Address"
  Yast.import "CWM"
  Yast.import "CWMTab"
  Yast.import "IP"
  Yast.import "Kerberos"
  Yast.import "Label"
  Yast.import "Mode"
  Yast.import "Package"
  Yast.import "Popup"
  Yast.import "Report"
  Yast.import "Stage"
  Yast.import "String"
  Yast.import "Wizard"

  # map of current expert settings
  @ExpertSettings = {}

  @text_mode = false

  @widget_description = {
    # ---------------- widgtes for ("main") tab
    "ticket_lifetime"    => {
      "widget"            => :textentry,
      # textentry label
      "label"             => _("&Default Lifetime"),
      # help text (do not transl. values "m","h", "d")
      "help"              => _(
        "<p>By default, the time unit of <b>Default Lifetime</b>, <b>Default Renewable Lifetime</b>, and <b>Clock Skew</b> is set to seconds. Alternatively, specify the time unit (<tt>m</tt> for minutes, <tt>h</tt> for hours, or <tt>d</tt> for days) and use it as a value suffix, as in <tt>1d</tt> or <tt>24h</tt> for one day.</p>"
      ),
      "init"              => fun_ref(
        method(:InitDescription),
        "void (string)"
      ),
      "store"             => fun_ref(
        method(:StoreDescription),
        "void (string, map)"
      ),
      "handle"            => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "validate_type"     => :function,
      "validate_function" => fun_ref(
        method(:ValidateTimeEntries),
        "boolean (string, map)"
      ),
      "valid_chars"       => Ops.add(String.CDigit, "dmh")
    },
    "renew_lifetime"     => {
      "widget"            => :textentry,
      # textentry label
      "label"             => _(
        "De&fault Renewable Lifetime"
      ),
      "no_help"           => true,
      "init"              => fun_ref(
        method(:InitDescription),
        "void (string)"
      ),
      "store"             => fun_ref(
        method(:StoreDescription),
        "void (string, map)"
      ),
      "handle"            => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "validate_type"     => :function,
      "validate_function" => fun_ref(
        method(:ValidateTimeEntries),
        "boolean (string, map)"
      ),
      "valid_chars"       => Ops.add(String.CDigit, "dmh")
    },
    "forwardable"        => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # checkbox label
      "label"  => _("For&wardable"),
      # help text
      "help"   => _(
        "<p><b>Forwardable</b> lets you transfer your complete identity (TGT) to another machine. <b>Proxiable</b> only lets you transfer particular tickets. Select wheter the options should be applied to all PAM services, none of them or enter a list of services separated by spaces.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "proxiable"          => {
      #	"widget"	: `checkbox,
      "widget"  => :combobox,
      "opt"     => [:hstretch, :notify, :editable],
      # checkbox label
      "label"   => _("&Proxiable"),
      "no_help" => true,
      "init"    => fun_ref(method(:InitCombo), "void (string)"),
      "store"   => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle"  => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "retain_after_close" => {
      "widget" => :checkbox,
      # checkbox label
      "label"  => _("R&etained"),
      # help text
      "help"   => _(
        "<p>If <b>Retained</b> is enabled, a PAM module keeps the tickets after closing the session.</p>"
      ),
      "init"   => fun_ref(method(:InitCheckBox), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "ssh_support"        => {
      "widget" => :checkbox,
      # checkbox label
      "label"  => _("Kerberos Support for Open&SSH Client"),
      # help text
      "help"   => _(
        "<p>To enable Kerberos support for your OpenSSH client, select <b>Kerberos Support for OpenSSH Client</b>. In this case, Kerberos tickets are used for user authentication on the SSH server.</p>"
      ),
      "init"   => fun_ref(method(:InitCheckBox), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "ignore_unknown"     => {
      "widget" => :checkbox,
      # checkbox label
      "label"  => _("&Ignore Unknown Users"),
      # help text
      "help"   => _(
        "<p>Check <b>Ignore Unknown Users</b> to have Kerberos ignore authentication attempts by users it does not know.</p>"
      ),
      "init"   => fun_ref(method(:InitCheckBox), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "minimum_uid"        => {
      "widget" => :intfield,
      "opt"    => [:hstretch],
      # intfield label
      "label"  => _("Minimum &UID"),
      # help text
      "help"   => _(
        "<p>When the <b>Minimum UID</b> is greater than 0, authentication attempts by users with UIDs below the specified number are ignored. This is useful for disabling Kerberos authentication for the system administrator root.</p>"
      ),
      "init"   => fun_ref(method(:InitDescription), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "clockskew"          => {
      "widget"            => :textentry,
      # textentry label
      "label"             => _("C&lock Skew"),
      # help text
      "help"              => _(
        "<p>The <b>Clock Skew</b> is the tolerance for time stamps not exactly matching the host's system clock. The value is in seconds.</p>"
      ),
      "init"              => fun_ref(
        method(:InitDescription),
        "void (string)"
      ),
      "store"             => fun_ref(
        method(:StoreDescription),
        "void (string, map)"
      ),
      "handle"            => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "validate_type"     => :function,
      "validate_function" => fun_ref(
        method(:ValidateTimeEntries),
        "boolean (string, map)"
      ),
      "valid_chars"       => Ops.add(String.CDigit, "dmh")
    },
    "ntp"                => {
      "widget" => :push_button,
      # push button label
      "label"  => _("&NTP Configuration..."),
      "help"   => _(
        "<p>\n" +
          "To synchronize your time with an NTP server, configure your computer\n" +
          "as an NTP client. Access the configuration with <b>NTP Configuration</b>.\n" +
          "</p>\n"
      ),
      "handle" => fun_ref(
        method(:HandleClientCallButton),
        "symbol (string, map)"
      )
    },
    "nss_client"         => {
      "widget" => :menu_button,
      # push button label
      "label"  => _("C&onfigure User Data"),
      # help text
      "help"   => _(
        "<p>To configure the source of user accounts, select the appropriate configuration module in <b>Configure User Data</b>.</p>"
      ),
      "items"  => [
        # menu item
        ["ldap", _("LDAP Client")],
        # menu item
        ["nis", _("NIS Client")]
      ],
      "handle" => fun_ref(
        method(:HandleClientCallButton),
        "symbol (string, map)"
      )
    },
    # ---------------- widgtes for Expert Pam Settings ("pam_expert") tab
    "ccache_dir"         => {
      "widget" => :textentry,
      # textentry label
      "label"  => _("Credential Cac&he Directory"),
      # help text for "Credential Cac&he Directory"
      "help"   => _(
        "<p>Specify the directory where to place credential cache files as <b>Credential Cache Directory</b>.</p>"
      ),
      "init"   => fun_ref(method(:InitDescription), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "browse_ccache_dir"  => {
      "widget"  => :push_button,
      # push button label
      "label"   => _("&Browse..."),
      "no_help" => true,
      "handle"  => fun_ref(
        method(:HandleBrowseDirectory),
        "symbol (string, map)"
      )
    },
    "ccname_template"    => {
      "widget"  => :textentry,
      # textentry label
      "label"   => _("Credential Cache &Template"),
      # help text
      "help"    => _(
        "<p><b>Credential Cache Template</b> specifies the location in which to place the user's session-specific credential cache.</p>"
      ),
      "init"    => fun_ref(method(:InitDescription), "void (string)"),
      "store"   => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle"  => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "no_help" => true
    },
    "keytab"             => {
      "widget" => :textentry,
      # textentry label
      "label"  => _("&Keytab File Location"),
      # help text
      "help"   => _(
        "<p>Specify the location of the file with the keys of principals in <b>Keytab File Location</b>.</p>"
      ),
      "init"   => fun_ref(method(:InitDescription), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "browse_keytab"      => {
      "widget"  => :push_button,
      # push button label
      "label"   => _("Bro&wse..."),
      "no_help" => true,
      "handle"  => fun_ref(
        method(:HandleBrowseFile),
        "symbol (string, map)"
      )
    },
    "mappings"           => {
      "widget" => :textentry,
      # textentry label
      "label"  => _("&Mappings"),
      # help text
      "help"   => _(
        "<p>With <b>Mappings</b>, specify how the PAM module should derive the principal's name from the system user name.</p>"
      ),
      "init"   => fun_ref(method(:InitDescription), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "banner"             => {
      "widget" => :textentry,
      # textentry label
      "label"  => _("Ba&nner"),
      # help text
      "help"   => _(
        "<p>The value of <b>Banner</b> is a text that should be shown before a password questions.</p>"
      ),
      "init"   => fun_ref(method(:InitDescription), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    # ---------------- widgets for Services tab
    "services_help"      => {
      "widget" => :empty,
      # generic help for Services tab
      "help"   => _(
        "<p>All settings in this dialog can be applied for all PAM services, no service or a specific list of services separated by commas.</p>"
      )
    },
    "addressless"        => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # textentry label
      "label"  => _("Add&ressless Initial Tickets"),
      # help text
      "help"   => _(
        "<p>When <b>Addressless Initial Tickets</b> is set, initial tickets (TGT) with no address information are requested.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "debug"              => {
      "widget" => :combobox,
      "opt"    => [:notify, :editable],
      # textentry label
      "label"  => _("&Debug"),
      # help text
      "help"   => _(
        "<p>Check <b>Debug</b> to turn on debugging for selected services via syslog.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "debug_sensitive"    => {
      "widget" => :combobox,
      "opt"    => [:notify, :editable],
      # textentry label
      "label"  => _("&Sensitive Debug"),
      # help text
      "help"   => _(
        "<p><b>Sensitive Debug</b> turns  on  debugging  of  sensitive  information.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "existing_ticket"    => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # textentry label
      "label"  => _("Accept &Existing Ticket"),
      # help text
      "help"   => _(
        "<p>Check <b>Accept Existing Ticket</b> to tell PAM module to accept the presence of pre-existing Kerberos credentials as sufficient to authenticate the user.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "items"  => []
    },
    "external"           => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # textentry label
      "label"  => _("E&xternal Credentials"),
      # help text
      "help"   => _(
        "<p>List the services allowed to provide credentials in <b>External Credentials</b>.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "items"  => []
    },
    "use_shmem"          => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # textentry label
      "label"  => _("Use Shared Mem&ory"),
      # help text
      "help"   => _(
        "<p><b>Use Shared Memory</b> describes the services for which the shared memory is used during authentication.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "items"  => []
    },
    "validate"           => {
      "widget" => :combobox,
      "opt"    => [:hstretch, :notify, :editable],
      # textentry label
      "label"  => _("&Validate Initial Ticket"),
      # help text
      "help"   => _(
        "<p>Select the services for which TGT should be validated by changing the value of <b>Validate Initial Ticket</b>."
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      ),
      "items"  => []
    },
    "initial_prompt"     => {
      "widget" => :combobox,
      "opt"    => [:notify, :editable],
      # textentry label
      "label"  => _("&Initial Prompt"),
      # help text
      "help"   => _(
        "<p>With <b>Initial Prompt</b> checked, the PAM module asks for a password before the authentication attempt.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    },
    "subsequent_prompt"  => {
      "widget" => :combobox,
      "opt"    => [:notify, :editable],
      # textentry label
      "label"  => _("Subsequent &Prompt"),
      # help text
      "help"   => _(
        "<p>If <b>Subsequent Prompt</b> is enabled, the PAM module may ask the user for a password, in case the previously-entered  password  was  somehow  insufficient for authentication.</p>"
      ),
      "init"   => fun_ref(method(:InitCombo), "void (string)"),
      "store"  => fun_ref(method(:StoreDescription), "void (string, map)"),
      "handle" => fun_ref(
        method(:HandleDescription),
        "symbol (string, map)"
      )
    }
  }
end

- (Object) ReadDialog

Read settings dialog

Returns:

  • abort if aborted and next otherwise



# File '../../src/include/kerberos-client/dialogs.rb', line 663

# Read settings dialog.
#
# Loads the configuration through Kerberos.Read and, when Kerberos.sssd is
# set, shows a popup saying that SSSD is used for Kerberos authentication
# instead of pam_krb5. The popup is shown whether or not the read succeeded.
#
# @return [Symbol] :next when Kerberos.Read returned a truthy value,
#   :abort otherwise
def ReadDialog
  read_ok = Kerberos.Read

  if Kerberos.sssd
    sssd_notice = [
      "System Security Services Daemon (SSSD) is configured.\n",
      "It is in use for Kerberos authentication instead of pam_krb5.\n",
      "\n",
      "SSSD specific options can be configured in LDAP Client Configuration module."
    ].join
    # popup message
    Popup.Message(sssd_notice)
  end

  return :abort unless read_ok

  :next
end

- (Object) ReallyAbort

The dialog that appears when the [Abort] button is pressed.

Returns:

  • abort if user really wants to abort, back otherwise



# File '../../src/include/kerberos-client/dialogs.rb', line 651

# The dialog that appears when the [Abort] button is pressed.
#
# Confirmation is requested through Popup.ReallyAbort(true) only when
# Kerberos.Modified or Stage.cont is truthy; otherwise the abort is
# accepted without asking.
#
# @return [Symbol] :abort if the abort goes ahead, :back otherwise
def ReallyAbort
  needs_confirmation = Kerberos.Modified || Stage.cont
  confirmed = needs_confirmation ? Popup.ReallyAbort(true) : true

  confirmed ? :abort : :back
end

- (Object) StoreDescription(key, event)

store the string value of given widget



# File '../../src/include/kerberos-client/dialogs.rb', line 534

# Store the current value of the given widget in @ExpertSettings.
#
# The value is read with UI.QueryWidget(Id(key), :Value) and saved under
# +key+. Only "minimum_uid" is converted with Builtins.tostring first; every
# other widget value is stored exactly as the UI returned it.
#
# NOTE(review): nothing is validated here. The file-location text entries
# ("ccache_dir", "keytab") and the editable comboboxes all use this method as
# their "store" callback, so their content is stored as typed -- presumably it
# is checked elsewhere before it is written out; confirm.
#
# @param key [String] widget id, also used as the settings key
# @param event [Hash] event map; copied but not otherwise used here
# @return [nil]
def StoreDescription(key, event)
  event = deep_copy(event)
  widget_value = UI.QueryWidget(Id(key), :Value)
  widget_value = Builtins.tostring(widget_value) if key == "minimum_uid"
  Ops.set(@ExpertSettings, key, widget_value)

  nil
end

- (Object) ValidateTimeEntries(key, event)

Validation function for widgets with time values



# File '../../src/include/kerberos-client/dialogs.rb', line 586

# Validation function for widgets with time values.
#
# Reads the widget value as a string. An empty string is accepted without
# calling the validator; any other value is passed to
# Kerberos.ValidateTimeEntries. When the value is rejected, keyboard focus is
# moved back to the widget.
#
# @param key [String] widget id
# @param event [Hash] event map; copied but not otherwise used here
# @return [Boolean] true if the entry is empty or accepted, false otherwise
def ValidateTimeEntries(key, event)
  event = deep_copy(event)
  entered = Convert.to_string(UI.QueryWidget(Id(key), :Value))
  accepted = entered == "" || Kerberos.ValidateTimeEntries(key, entered)

  unless accepted
    UI.SetFocus(Id(key))
    return false
  end

  true
end

- (Object) WriteDialog

Write settings dialog

Returns:

  • abort if aborted and next otherwise



# File '../../src/include/kerberos-client/dialogs.rb', line 681

# Write settings dialog.
#
# Sets the wizard help text and then writes the configuration through
# Kerberos.Write.
#
# @return [Symbol] :next when Kerberos.Write returned a truthy value,
#   :abort otherwise
def WriteDialog
  # help text
  Wizard.RestoreHelp(_("Writing Kerberos client settings..."))
  return :next if Kerberos.Write

  :abort
end