nQc@siddlZddlZddlZddlZddlZddlZejZddlm Z m Z ddl Z e j e j ddZedrddlZnde fdYZde fd YZd fd YZd efd YZedkreejejejejdedrFeZn eZejejndS(iN(t OptionParsertIndentedHelpFormattertcCstjdj|dkS(Ni(tsystargvtfind(tname((s#/usr/share/authconfig/authconfig.pytrunsAs!ssauthconfig-tuitUnihelpOptionParsercBseZddZRS(cCs~|dkrtj}ntj}t|dd}| sI|dkrR|}n|j|jj|j |ddS(Ntencodingtasciitreplace( tNoneRtstdouttlocaletgetpreferredencodingtgetattrtwritet format_helptdecodetencode(tselftfilet srcencodingR ((s#/usr/share/authconfig/authconfig.pyt print_help(s    N(t__name__t __module__R R(((s#/usr/share/authconfig/authconfig.pyR'stNonWrapFormattercBseZdZRS(cCsg}|j|}|j|jd}t||kr[d|jd|f}|j}n8d|jd||f}d|jd||f}d}|j||jr|j|}|jd|d|fn |ddkr|jdndj|S(Nis%*s%s Rs %*s%-*s iis (toption_stringst help_positiontcurrent_indenttlentappendthelptexpand_defaulttjoin(Rtoptiontresulttoptst opt_widtht indent_firstt help_text((s#/usr/share/authconfig/authconfig.pyt format_option2s     (RRR*(((s#/usr/share/authconfig/authconfig.pyR1st AuthconfigcBs}eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d ZRS( cCsCt|_t|_t|_t|_t|_t|_d|_dS(Ni(tFalset nis_availtkerberos_availt ldap_availt sssd_availt cache_availt fprintd_availtretval(R((s#/usr/share/authconfig/authconfig.pyt__init__Vs      cCsdS(Nt authconfig((R((s#/usr/share/authconfig/authconfig.pytmodule_scCs$tjjd|j|fdS(Ns%s: %s (RtstderrRR6(Rterror((s#/usr/share/authconfig/authconfig.pyt printErrorbscCsud}d}xX|D]P}|dkr2|d7}n|rO|t|d7}n||7}|d7}qW|d7}|S(Nit(tstr(RtltaddidxtidxR!titem((s#/usr/share/authconfig/authconfig.pytlistHelpes     c Cstd|j}|jdkr5|d7}nt|dtdt}|jdddd d td |jd d dd d td|jddd d td|jdddd d td|jddd d td|jdd|jtjtd td|jddd d td|jddd d td|jddtdd td|jd dtd!d td"|jd#dd d td$|jd%dd d td&|jd'dd d td(|jd)dd d td*|jd+dtd!d td,|jd-dtd.d td/|jd0d1dd d td2|jd3d4dd d td5|jd6dd d td7|jd8dd d td9|jd:dtd;d td<|jd=dd d td>|jd?dd d td@|jdAdd d tdB|jdCdd d tdD|jdEdtdFd tdG|jtj t }|jdHd|d tdI|jdJdd d tdK|jdLdd d tdM|jdNdd d tdO|jdPdd d tdQ|jdRdd d tdS|jdTdd d tdU|jdVdtd!d tdW|jdXdtd!d tdY|jdZdtd[d td\|jd]dd d td^|jd_dd d td`|jdadd d tdb|jdcdd d tdd|jdedd d tdf|jdgdd d tdh|jdidd d tdj|jdkdd d tdl|jdmddnd tdo|jdpdtd[d tdq|jdrdtdsd tdt|jdudtdvd tdw|jdxdydzdtd{d td||jd}dd~d td|jdddd td|jdddd td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jdddd td|jddd d td|jddd d td|jddtdd td|jddtd[d td|jddtdsd td|jddd d td|jddd d td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jdddd td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddtdd td|jddtdd td|jddtdd td|jddtdd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jdkr-|jddd d td|jddd d tdn"|jdddd d td|jddd d td|jddd d td|jddtdd td|jddtdd td|jddd d td |j \|_ }|r4|j td tjd n|jdk r|j j r|j j r|j j r|j j r|j j r|j j r|j j r|jtjd ndS( Nsusage: %s [options]R5se {--update|--updateall|--test|--probe|--restorebackup |--savebackup |--restorelastbackup}tadd_help_optiont formatters-hs--helptactionR!sshow this help message and exits--enableshadows --useshadowt store_trues$enable shadowed passwords by defaults--disableshadows%disable shadowed passwords by defaults --enablemd5s--usemd5senable MD5 passwords by defaults --disablemd5s disable MD5 passwords by defaults --passalgotmetavars&hash/crypt algorithm for new passwordss --enableniss*enable NIS for user information by defaults --disableniss+disable NIS for user information by defaults --nisdomainssdefault NIS domains --nisserverssdefault NIS servers --enableldaps+enable LDAP for user information by defaults --disableldaps,disable LDAP for user information by defaults--enableldapauths)enable LDAP for authentication by defaults--disableldapauths*disable LDAP for authentication by defaults --ldapservers#default LDAP server hostname or URIs --ldapbasednssdefault LDAP base DNs--enableldaptlss--enableldapstarttlss&enable use of TLS with LDAP (RFC-2830)s--disableldaptlss--disableldapstarttlss'disable use of TLS with LDAP (RFC-2830)s--enablerfc2307bissBenable use of RFC-2307bis schema for LDAP user information lookupss--disablerfc2307bissCdisable use of RFC-2307bis schema for LDAP user information lookupss--ldaploadcacertss load CA certificate from the URLs--enablesmartcards0enable authentication with smart card by defaults--disablesmartcards1disable authentication with smart card by defaults--enablerequiresmartcards0require smart card for authentication by defaults--disablerequiresmartcards7do not require smart card for authentication by defaults--smartcardmoduless default smart card module to uses--smartcardactions(action to be taken on smart card removals--enablefingerprints9enable authentication with fingerprint readers by defaults--disablefingerprints:disable authentication with fingerprint readers by defaults--enableecryptfss"enable automatic per-user ecryptfss--disableecryptfss#disable automatic per-user ecryptfss --enablekrb5s)enable kerberos authentication by defaults --disablekrb5s*disable kerberos authentication by defaults --krb5kdcsdefault kerberos KDCs--krb5adminserversdefault kerberos admin servers --krb5realmssdefault kerberos realms--enablekrb5kdcdnss'enable use of DNS to find kerberos KDCss--disablekrb5kdcdnss(disable use of DNS to find kerberos KDCss--enablekrb5realmdnss)enable use of DNS to find kerberos realmss--disablekrb5realmdnss*disable use of DNS to find kerberos realmss--enablewinbinds.enable winbind for user information by defaults--disablewinbinds/disable winbind for user information by defaults--enablewinbindauths,enable winbind for authentication by defaults--disablewinbindauths-disable winbind for authentication by defaults --smbsecurityss*security mode to use for samba and winbinds --smbrealms5default realm for samba and winbind when security=adss --smbserverss s(names of servers to authenticate againsts--smbworkgroups s'workgroup authentication servers are ins--smbidmapranges --smbidmapuids --smbidmapgidss4uid range winbind will assign to domain or ads userss--winbindseparators<\>sthe character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enableds--winbindtemplatehomedirs sGthe directory which winbind-created users will have as home directoriess--winbindtemplateprimarygroupssFthe group which winbind-created users will have as their primary groups--winbindtemplateshells sDthe shell which winbind-created users will have as their login shells--enablewinbindusedefaultdomains[configures winbind to assume that users with no domain in their user names are domain userss --disablewinbindusedefaultdomains_configures winbind to assume that users with no domain in their user names are not domain userss--enablewinbindofflines)configures winbind to allow offline logins--disablewinbindofflines+configures winbind to prevent offline logins --winbindjoinss>join the winbind domain or ads realm now as this administrators --enableipav2s?enable IPAv2 for user information and authentication by defaults--disableipav2s@disable IPAv2 for user information and authentication by defaults --ipav2domains-the IPAv2 domain the system should be part ofs --ipav2realmsthe realm for the IPAv2 domains --ipav2serversthe server for the IPAv2 domains--enableipav2nontps-do not setup the NTP against the IPAv2 domains--disableipav2nontps0setup the NTP against the IPAv2 domain (default)s --ipav2joins s%join the IPAv2 domain as this accounts --enablewinss#enable wins for hostname resolutions --disablewinss$disable wins for hostname resolutions--enablepreferdnss3prefer dns over wins or nis for hostname resolutions--disablepreferdnss:do not prefer dns over wins or nis for hostname resolutions--enablehesiods-enable hesiod for user information by defaults--disablehesiods.disable hesiod for user information by defaults --hesiodlhsssdefault hesiod LHSs --hesiodrhsssdefault hesiod RHSs --enablesssdsOenable SSSD for user information by default with manually managed configurations --disablesssdsVdisable SSSD for user information by default (still used for supported configurations)s--enablesssdauthsMenable SSSD for authentication by default with manually managed configurations--disablesssdauthsTdisable SSSD for authentication by default (still used for supported configurations)s--enableforcelegacys;never use SSSD implicitly even for supported configurationss--disableforcelegacys4use SSSD implicitly if it supports the configurations--enablecachecredss5enable caching of user credentials in SSSD by defaults--disablecachecredss6disable caching of user credentials in SSSD by defaults --enablecachesXenable caching of user information by default (automatically disabled when SSSD is used)s--disablecaches.disable caching of user information by defaults--enablelocauthorizes1local authorization is sufficient for local userss--disablelocauthorizes1authorize local users also through remote services--enablepamaccesss.check access.conf during account authorizations--disablepamaccesss5do not check access.conf during account authorizations--enablesysnetauths0authenticate system accounts by network servicess--disablesysnetauths0authenticate system accounts by local files onlys--enablemkhomedirs6create home directories for users on their first logins--disablemkhomedirs=do not create home directories for users on their first logins --passminlenssminimum length of a passwords--passminclasss1minimum number of character classes in a passwords--passmaxrepeats;maximum number of same consecutive characters in a passwords--passmaxclassrepeatsDmaximum number of consecutive characters of same class in a passwords--enablereqlowers6require at least one lowercase character in a passwords--disablereqlowers1do not require lowercase characters in a passwords--enablerequppers6require at least one uppercase character in a passwords--disablerequppers1do not require uppercase characters in a passwords--enablereqdigits(require at least one digit in a passwords--disablereqdigits#do not require digits in a passwords--enablereqothers2require at least one other character in a passwords--disablereqothers-do not require other characters in a passwords --nostarts+do not start/stop portmap, ypbind, and nscds--tests>do not update the configuration files, only print new settingssauthconfig-tuis--backs<display Back instead of Cancel in the main dialog of the TUIs --kickstarts1do not display the deprecated text user interfaces--updatesDopposite of --test, update configuration files with changed settingss --updateallsupdate all configuration filess--probes)probe network for defaults and print thems --savebackupss(save a backup of all configuration filess--restorebackups)restore the backup of configuration filess--restorelastbackupsXrestore the backup of configuration files saved before the previous configuration changesunexpected argumenti(t_R6RR,Rt add_optionRCtauthinfotpassword_algorithmstgetSmartcardActionstTruet parse_argstoptionsR9Rtexittprobettesttupdatet updateallt savebackupt restorebackuptrestorelastbackupR(Rtusagetparsertactshelptargs((s#/usr/share/authconfig/authconfig.pyt parseOptionsrs                                                                                                                    '  cCstj|j}|j|jrF|jrFd|j|jfGHn|jrp|jrpd|j|jfGHn|jrd|j|j pd|j pdfGHndS(Ns hesiod %s/%ss ldap %s/%s skrb5 %s/%s/%s R( RKtAuthInfoR9RRt hesiodLHSt hesiodRHSt ldapServert ldapBaseDNt kerberosRealmt kerberosKDCtkerberosAdminServer(Rtinfo((s#/usr/share/authconfig/authconfig.pyRRs     cCsLtj|j|_|jj|_|jjdkrHt|j_ndS(N( RKtreadR9Rftcopyt pristineinfotenableLocAuthorizeR RN(R((s#/usr/share/authconfig/authconfig.pyt readAuthInfoscCstjtjtjo-tjtjtj|_tjtjtj|_tjtj tjo{tjtj tj|_ tjtj tjotjtj tj|_tjtjtj|_tjtjtj|_dS(N(tostaccessRKt PATH_YPBINDtX_OKtPATH_LIBNSS_NISR-t PATH_PAM_KRB5R.t PATH_PAM_LDAPtPATH_LIBNSS_LDAPR/t PATH_PAM_SSStPATH_LIBNSS_SSSR0t PATH_NSCDR1tPATH_PAM_FPRINTDR2(R((s#/usr/share/authconfig/authconfig.pyttestAvailableSubsysscCs2i#dd6dd6dd6dd6d d 6d d 6d d6dd6dd6dd6dd6dd6dd6dd6dd6dd 6d!d"6d#d$6d%d&6d'd(6d)d*6d+d,6d-d.6d/d06d1d26d3d46d5d66d7d86d9d:6d;d<6d=d>6d?d@6dAdB6dCdD6dEdF6}idGdH6dIdJ6dKdL6dMdN6dOdP6dQdR6dSdT6dUdV6dWdX6dYdZ6d[d\6d]d^6d_d`6dadb6dcdd6dedf6dgdh6didj6dkdl6dmdn6dodp6dqdr6dsdt6dudv6dwdx6dydz6d{d|6d}d~6dd6}xr|jD]d\}}t|jd|rt|j|tnt|jd|rt|j|tqqWy+|jjr_d|j_n d|j_Wnt k rnX|jj r|jj |jj kr|jj |jj |j_ |jj|jj |j_ny+|jj}|dkr t|}nWn0tk r@|jtdd|j_nXy+|jj}|dkrkt|}nWn0tk r|jtdd|j_nXy+|jj}|dkrt|}nWn0tk r|jtdd|j_nXy+|jj}|dkr't|}nWn0tk rZ|jtdd|j_nXxT|jD]F\}}t|j|dkrht|j|t|j|qhqhW|jjr|jjjdd}|d|j_t|dkr|d|j_qn|jjdkr5|jj|j_n|jjry,t|jj}t j!||j_"Wqtt#fk r|jtdd|j_"qXn|jj$s|jj%rd|j_&n|jj'r.d|j_&q.n@|jj$t j(kr.|jtdd|j_&d|_)ndS(Nt enableShadowtshadowRjt locauthorizetenablePAMAccesst pamaccesstenableSysNetAutht sysnetauthtenableMkHomeDirt mkhomedirt enableCachetcachetenableEcryptfstecryptfst enableHesiodthesiodt enableLDAPtldapt enableLDAPStldaptlstenableRFC2307bist rfc2307bistenableLDAPAuthtldapauthtenableKerberostkrb5t enableNIStnistkerberosKDCviaDNSt krb5kdcdnstkerberosRealmviaDNSt krb5realmdnstenableSmartcardt smartcardt enableFprintdt fingerprinttforceSmartcardtrequiresmartcardt enableWinbindtwinbindtenableWinbindAutht winbindauthtwinbindUseDefaultDomaintwinbindusedefaultdomaintwinbindOfflinetwinbindofflinet enableIPAv2tipav2t ipav2NoNTPt ipav2nontpt enableWINStwinst enableSSSDtsssdtenableSSSDAuthtsssdauthtenableForceLegacyt forcelegacytenableCacheCredst cachecredstpreferDNSinHostst preferdnst passReqLowertreqlowert passReqUppertrequppert passReqDigittreqdigitt passReqOthertreqothertpasswordAlgorithmtpassalgoR_t hesiodlhsR`t hesiodrhsRat ldapserverRbt ldapbasednt ldapCacertURLtldaploadcacertRct krb5realmRdtkrb5kdcRetkrb5adminservertsmartcardModuletsmartcardmoduletsmartcardActiontsmartcardactiont nisDomaint nisdomaint nisServert nisservert smbWorkgroupt smbworkgroupt smbServerst smbserverst smbSecurityt smbsecuritytsmbRealmtsmbrealmt smbIdmapRanget smbidmaprangetwinbindSeparatortwinbindseparatortwinbindTemplateHomedirtwinbindtemplatehomedirtwinbindTemplatePrimaryGrouptwinbindtemplateprimarygrouptwinbindTemplateShelltwinbindtemplateshellt ipav2Domaint ipav2domaint ipav2Realmt ipav2realmt ipav2Servert ipav2servert passMinLent passminlent passMinClasst passminclasst passMaxRepeatt passmaxrepeattpassMaxClassRepeattpassmaxclassrepeattenabletdisableRs-The passminlen option value is not an integers/The passminclass option value is not an integers0The passmaxrepeat option value is not an integers5The passmaxclassrepeat option value is not an integert%iis(Bad smart card removal action specified.tmd5tdescrypts;Unknown password hashing algorithm specified, using sha256.tsha256i(*t iteritemsRRPtsetattrRfRNR,Rt ldapSchematAttributeErrorRRctgetKerberosKDCRdtgetKerberosAdminServerReRR tintt ValueErrorR9RIRRRt winbindjointsplittjoinUserRt joinPasswordt ipav2joinRRKRMRt IndexErrorRt enablemd5Rt disablemd5RLR3(Rt bool_settingststring_settingstopttaivaltvaltlstRA((s#/usr/share/authconfig/authconfig.pytoverrideSettingss      $!            &      cCstS(N(RN(R((s#/usr/share/authconfig/authconfig.pytdoUI<scCsH|jjr|jjtn|jjdkrD|jjtndS(N(RPRRft joinDomainRNRR t joinIPADomain(R((s#/usr/share/authconfig/authconfig.pyR?s cCs|jj|jjr7|jjs7d|_q7n|jj|jjrn|jjsd|_qn!|jj |j sd|_n|j |jj |jj dS(Niii(RfttestLDAPCACertsRtdownloadLDAPCACertR3trehashLDAPCACertsRPRURt writeChangedRiRtposttnostart(R((s#/usr/share/authconfig/authconfig.pyt writeAuthInfoEs      cCs|j|jjr0|jtjdn|jj rrtjdkrr|jt dtjdn|j |jj r|j j }tjt| n|jjr|j j|jj}tjt| n|jjr$|j j|jj}tjt| n|j|j|jsv|jjrf|jt dntjdn|jjr|j jn |j|jS(Niscan only be run as rootisdialog was cancelledi(R]RPRRRRQRSRltgetuidR9RIRkRXRft restoreLastRRWt restoreBackupRVt saveBackupRxR Rt printInfoRR3(Rtrv((s#/usr/share/authconfig/authconfig.pytrunUs6             (RRR4R6R9RCR]RRRkRxR RRRR(((s#/usr/share/authconfig/authconfig.pyR+Us       t AuthconfigTUIcBseZdZdZdZdZdddZdZdZ dZ dZ d Z d Z d Zd Zd ZdZRS(cCsdS(Nsauthconfig-tui((R((s#/usr/share/authconfig/authconfig.pyR6tscCs/|jjr+|jjr+|jjtndS(N(RPt kickstartRRfRRN(R((s#/usr/share/authconfig/authconfig.pyRwscCs|s dSx|r|d}|d}t|tkrv|jjr_|d}|d}qv|d}|d}ntj|tjstd||d|f}tj |j td|tdgn|d}q WdS(NiiisThe %s file was not found, but it is required for %s support to work properly. Install the %s package, which provides this file.tWarningtOki( ttypettupleRft sssdSupportedRlRmtR_OKRItsnacktButtonChoiceWindowtscreen(Rttoggletwarningtpathtpackagettext((s#/usr/share/authconfig/authconfig.pytwarn|s         +c# CsEtjtdddg}tjtdddg}tjtjftdd6dg}tjtjftdd7dg}tjtj ftd d8dg}tj td d dg}tj tdddg}tj tdddg}tj tdd|g} tjtdd| g} tjdd} tjtd} | j| ddddddtjtdt|jj} }| j|ddddddtjtdt|jj}}| j|ddddddtjtdt|jj}}| j|ddddddtjtdt|jj}}| j|dd ddddtjtd!t|jj}}| j|dd"ddddtjdd#}tjtd$} |j| ddddddtjtd%t|jjd&k}}|j|ddddddtjtd't|jj}}|j|ddddddtjtd(t|jj}}|j|ddddddtjtd)t|jj}}|j|dd ddddtjtd*t|jj}}|j|dd"ddddtjtd+t|jj }}|j|ddddddtjtd,t|jj!}}|j|dd-ddddtjdd}|j| ddddd.dd/d9|j|ddd0dd.dd/d:tjdd}tj"|j#j$rtd1ptd2}tj"td3}|j|dd|j|ddtjdd}|j|dddd|j|ddddtj%} |j&j'|td4| j(|| j)} | |kr.| j*|j_|j*|j_|j*|j_|j*|j_|j*|j_|j*|j_|j*rd&|j_n!|jjd&krd5|j_n|j*|j_|j*|j_|j*|j_ |j*|j_!|j*|j_|jj|f|jj|f|jj|f|jj| f|jj|f|jj|f|jj|f|jj|f|jj | fg }!x)|!D]}"|j+|"d|"dq Wn|j&j,| |kS(;NtcachingtnscdsFingerprint readert pam_fprintdtKerberostpam_krb5s sssd-clientsLDAP authenticationtpam_ldaptLDAPs nss-pam-ldapdtNIStypbindsshadow passwords shadow-utilstWinbinds samba-clientsWinbind authentications samba-commoniisUser Informationit anchorLefttgrowxsCache InformationsUse LDAPisUse NISis Use IPAv2is Use WinbindiitAuthenticationsUse MD5 PasswordsRsUse Shadow PasswordssUse LDAP Authentications Use KerberossUse Fingerprint readersUse Winbind Authentications!Local authorization is sufficientit anchorToptpaddingt anchorRighttBacktCanceltNextsAuthentication ConfigurationR(R4s sssd-client(R5s sssd-client(s nss-pam-ldapds sssd-client(iiii(iiii(-RKRvRIR RwRqRtRrRsRuRnt PATH_PWCONVtPATH_WINBIND_NETtPATH_PAM_WINBINDtPATH_LIBNSS_WINBINDR'tGridtLabeltsetFieldtCheckboxtboolRfRRRRRRRyRRRRRjtButtonRPtbacktFormR)tgridWrappedWindowtaddRtselectedR/t popWindow(#Rt warnCachet warnFprintdt warnKerberost warnLDAPAuthtwarnLDAPtwarnNISt warnShadowtwarnWinbindNettwarnWinbindAutht warnWinbindtinfoGridtcompRtcbRRRRtauthGridRRztldapaRtfprintdRR{tmechGridt buttonGridtcanceltoktmainGridtformt allwarningsR+((s#/usr/share/authconfig/authconfig.pytgetMainChoicess$$$(((((.((((((%%-       cCst|}tjd|}d} g} xn|D]f\} } } }| dkrtj| tt|j| }| j||jtj dd| dd|j|d| ddn| dkrEtj | }|j|d| d dddtj d t|j| d |}| j||j|d| d dnH| d kr:tj | }|j|d| d dddddy#t|j| }|j |Wnt k r|d}nXd}g}x*|D]"}|j||||kfqWtjd|}| j||j|d| ddnS| dkrtjd| dddd}| j||j|d| ddn| d7} q1Wtj|rdpdd}tj|}tj|}|rtj|pd}|j|dd|r!|j|ddn|j||r6dp9ddtjdd}|j|ddd dd d|j|ddd dd dtj}|jj|||j|xtr|j}||krPn| }x|D]\} } } }| dkr2t|j| |jdjq| dkrct|j| |jdjq| d krt|j| |jdjq| dkr|jdqqW||krPn|r|qqW|jj||kS(NiittfvalueRR?iR:tsvalueR>i(thiddenR;trvalueR=tlvaluei2tflexDowntflexUpi(iiii(iiii(iiii(iiii(RR'RGRJRKRRfR RIRHtEntrytindexRR tRadioBartTextboxReflowedRLRNR)RORPRNRRtpopRQtvaluet getSelectionRR(Rtdtitletitemst canceltxttoktxtt anothertxtt anothercbtrowst questionGridtrowtwidgetstttdesctattrR R_R^tselt buttonlisttvtradioBarRdReRftanotherRgRhtwcopy((s#/usr/share/authconfig/authconfig.pytgetGenericChoicess  $ " $  %            % % %   c Csdtdddfdtdddfdtdddfg}|jtd |td |rrtd p{td d tdd|jS(NRlsDomain:RisRealm:RsServer:RsIPAv2 SettingsR@RBR"R}s Join DomainR~(RIRtmaybeGetJoinSettings(Rtnextt questions((s#/usr/share/authconfig/authconfig.pytgetIPAv2Settingsas *cCsdtdddfdtdddfdtdd dfg}|jtd |td |rrtd p{td S(NRksUse TLSRRlsServer:RaisBase DN:Rbs LDAP SettingsR@RBR"(RIR R(RRR((s#/usr/share/authconfig/authconfig.pytgetLDAPSettingsis cCsjdtdddfdtdddfg}|jtd|td|r]td pftd S( NRlsDomain:RisServer:Rs NIS SettingsR@RBR"(RIR(RRR((s#/usr/share/authconfig/authconfig.pytgetNISSettingspscCsdtdddfdtdddfdtdddfd td d dfd td d dfg}|jtd|td|rtdptdS(NRlsRealm:RcisKDC:Rds Admin Server:ReRks"Use DNS to resolve hosts to realmsRs!Use DNS to locate KDCs for realmsRsKerberos SettingsR@RBR"(RIR R(RRR((s#/usr/share/authconfig/authconfig.pytgetKerberosSettingsvscCsdtdddfdtdddfg}|jjsKd|j_n|jtd |td td r|jj|jj|jjr|jjt n|jj r|jj t n|jj nt S( NRlsDomain Administrator:Ris Password:Rit Administrators Join SettingsRAR"( RIRfRRR)tsuspendRTRRRNRRtresume(RR((s#/usr/share/authconfig/authconfig.pytgetJoinSettingss     cCsdtdddfg}tj|j}|j|jjt}|jj|r|j td|tdtd}n|r|jj n|j t S(NRosSome of the configuration changes you've made should be saved to disk before continuing. If you do not save them, then your attempt to join the domain may fail. Save changes?s Save SettingstNotYes( RIR RKRgR9RTRfR,tdiffersRRRRN(RRt orig_infotret((s#/usr/share/authconfig/authconfig.pyRs    c Csddg}ddddddg}d }t||}d td d |fd tdddfd tdddfd tdddfd tdd|fg}|jtd|td|rtdptddtdd|jS(Ntadstdomains /sbin/nologins/bin/shs /bin/bashs /bin/tcshs/bin/kshs/bin/zshcSstj|tjS(N(RlRmRo(tshell((s#/usr/share/authconfig/authconfig.pyt shellexistssRnsSecurity Model:RRlsDomain:RisDomain Controllers:Rs ADS Realm:RsTemplate Shell:RsWinbind SettingsR@RBR"R}s Join DomainR~(tfilterRIRR(RRtsecuritytshellsRR((s#/usr/share/authconfig/authconfig.pytgetWinbindSettingss   *cCs:d}t}x!|dkr/|dkr/|jj|dkrO|j}n|dkr|jjr|jjp|jjp|jjp|jjp|jj p|jj }|j |}qn>|dkr-|jjs|jjr|jjp|jjp|jj p|jj }|j |}qn|dkr~|jjr|jjpf|jj pf|jj }|j |}qn|dkr|jjr|jj p|jj }|j|}qn?|dkr|jj s|jj rt}|j|}qn|jj|r"|d7}q|d8}qW|dkS( Niiiiiiii(R,RfRTRjRRRRRRRRRRRR(RRtrctmore((s#/usr/share/authconfig/authconfig.pyt getChoicessT                           cCsBtd|jj}tj|jtd|tdgdS(NsTo connect to a LDAP server with TLS protocol enabled you need a CA certificate which signed your server's certificate. Copy the certificate in the PEM format to the '%s' directory. Then press OK.R!R"(RIRft ldapCacertDirR'R(R)(RR.((s#/usr/share/authconfig/authconfig.pytdisplayCACertsMessages  cCs|jjrtSztj|_|j}|jjtd|jj dd|d|j s{|jj t S|j jr|j jr|jnWd|jj XtS(NsN / between elements | selects | next screenis - (c) 1999-2005 Red Hat, Inc.(RPR RNR't SnackScreenR)R6t pushHelpLineRIt drawRootTextRtfinishR,RfRRR(Rtpackageversion((s#/usr/share/authconfig/authconfig.pyRs    N(RRR6RR/RjR RRRRRRRRRRR(((s#/usr/share/authconfig/authconfig.pyRss    r_       - t__main__R5(RKtacutiltgettextRltsignalRtlgettextRItoptparseRRRt setlocaletLC_ALLRR'RRR+RRtSIGINTtSIG_DFLt textdomainR6RQR(((s#/usr/share/authconfig/authconfig.pyts,0     $