Te Motuhēhēnga o te PAM - Whatunga SME

Taupū whanui o te raupapa: Tuihono Rorohiko mo nga SME: Whakataki

Kia ora e hoa ma, e hoa ma!

Ma tenei tuhinga e hiahia ana matou ki te toha i tetahi Tirohanga mo te kaupapa Motuhēhēnga katoa WFP. He maama ta maatau ki te whakamahi i ta maatau Papa Mahi me te punaha whakahaere Linux / UNIX i ia ra, a i etahi waa ka mutu taatau ki te ako me pehea te tikanga motuhēhēnga ka tiimata ana i te wātū. Kei te mohio taatau ki te noho o nga koputu / etc / passwda / etc / atarangi koinei te maatapuna matua o nga Tiwhikete Motuhanga Motuhake a nga kaiwhakamahi o te rohe. Ko te tumanako i muri i te panui i tenei panui ka mohio koe - he iti ake te whakaaro mo te mahi a te PAM.

Motuhēhēnga

Te motuhēhēnga - mō ngā take whaihua - te huarahi e manatokohia ai te kaiwhakamahi ki tetahi punaha. Ko te hātepe whakamotuhēhēnga me mātua tae mai te huinga tuakiri me ngā tohu pono - ingoa kaiwhakamahi me te kupuhipa - ka whakatairite ki nga korero kua penapenahia ki roto i te putunga korero. Mena ko nga tohu e whakaatuhia ana he rite ki era e penapena ana me te mahi a te kaute a te kaiwhakamahi, e kiia ana ko te kaiwhakamahi tūturu angitu i angitu te paahitanga o te whakamotuhēhē.

Ka whakamanahia te kaiwhakamahi, ka tukuna nga korero ki te ratonga mana uru ki te whakatau he aha te mahi a taua kaiwhakamahi i te punaha me nga rauemi kei a ia te nama whakaaetanga ki te whakauru ki a raatau.

Ko nga korero hei tirotiro i te kaiwhakamahi ka taea te penapena i roto i nga putunga rohe o te punaha, ka taea ranei e te punaha o te takiwa te korero ki tetahi putunga korero kei runga i tetahi punaha mamao, penei i te LDAP, Kerberos, nga papaunga NIS, aha atu.

Ko te nuinga o nga punaha whakahaere UNIX® / Linux he taputapu e tika ana hei whirihora i te ratonga whakatutukitanga a te kaihoko / kaitoha mo nga momo kohinga raraunga kaiwhakamahi noa. Ko etahi o aua punaha he tino taputapu whakairoiro penei i te Whero Whero / CentOS, SUSE / openSUSE, me etahi atu tohatoha.

PAM: Tohu Whakatikatika Motuhake

te Kōwae e whakauruhia ana hei Motuhēhēnga Ka whakamahia e maatau i ia ra ka uru atu maatau ki ta maatau Papamahi me te punaha whakahaere i runga i te Linux / UNIX, me etahi atu waa ka uru atu maatau ki nga ratonga tuuturu, ki nga waahi mamao ranei e whai kiko ana te PAM. whakauruhia mo te motuhēhēnga ki taua ratonga.

Ko te whakaaro whaihua me pehea te Whakauru i nga Momo PAM ka taea te tiki mai i roto i te raupapa a-kawanatanga Tuhinga o mua en he roopu Debian me en tetahi me CentOS e whanakehia ana e tatou i muri.

Debian

Tuhinga

Mena ka whakauruhia e maatau te putea libpam-tuhinga he tuhinga tino pai kei i te raarangi / usr / tohatoha / tuhinga / libpam-doc / html.

pakiaka @ linuxbox: ~ # aptitude whakauru libpam-doc
pakiaka @ linuxbox: ~ # ls -l / usr / share / doc / libpam-doc /

He maha ano nga tuhinga kei runga i te PAM kei roto i nga raarangiararangi.

pakiaka @ linuxbox: ~ # ls -l / usr / tohatoha / tuhinga / | grep pam
drwxr-xr-x 2 pakiaka pakiaka 4096 Apr 5 21:11 libpam0g drwxr-xr-x 4 pakiaka pakiaka 4096 Apr 7 16:31 libpam-doc drwxr-xr-x 2 pakiaka pakiaka 4096 Apr 5 21:30 libpam-gnome- keyring drwxr-xr-x 3 pakiaka pakiaka 4096 Apr 5 21:11 libpam-modules drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam-modules-bin drwxr-xr-x 2 root root 4096 Apr 5 21: 11 libpam-runtime drwxr-xr-x 2 pakiaka pakiaka 4096 Apr 5 21:26 libpam-systemd drwxr-xr-x 3 pakiaka pakiaka 4096 Apr 5 21:31 python-pam

Ki ta maatau i mua i te rapu tuhinga i runga i te Ipurangi, me arotake e tatou tetahi o nga mea kua oti te whakauru, te mea ranei ka taea e taatau te whakauru tika mai i nga pupuritanga o te papatono e waatea ana mo tetahi mea, me te nuinga o nga waa ka taarua e taatau ki ta maatau kopae-nui. Ko te tauira o tenei e whai ake nei:

pakiaka @ linuxbox: ~ # iti / usr / tohatoha / tuhinga / libpam-gnome-keyring / README
gnome-keyring he kaupapa pupuri i te kupuhipa me etahi atu muna mo nga kaiwhakamahi. Ka whakahaerehia hei daemon i te waahi, he rite ki te ssh-agents, me etahi atu tono ka kitea ma te taurangi taiao, te D-Bus ranei. Ka taea e te hotaka te whakahaere i etahi whakamaanatanga, ma ia ake ake kupuhipa matua, ana kei kona tetahi koki matua kaore e penapena ki te kopae, engari ka warewarehia ka mutu ana te huihuinga. Ko te liblibome-keyring o te wharepukapuka e whakamahia ana e nga tono hei whakauru ki te punaha paatene GNOME.

Ko taua whakamaoritanga he tino hiahia ki te whakaputa:

  • Ko te gnome-keyring te kaupapa hei tiaki i nga kupuhipa me etahi atu muna mo nga kaiwhakamahi. I ia huihuinga ka rere hei daemon, he rite ki te ssh-agents, me etahi atu tono kei roto i te taurangi taiao - taiao ma te D-Bus ranei. Ka taea e te hotaka te hapai i etahi whakamaanatanga, ma ia ake tohu kupu matua. He waahi taapiri ano kaore e penapena ki te kopae pakeke ka warewarehia ka mutu ana te waahi. Ka whakamahi nga tono i te wharepukapuka kī-kore ki te whakauru ki te punaha Kakano GNOME.

Debian me te Punaha Whakahaere Papa

Ka tiimata mai i te rorohiko ka whakauruhia atu a Debian 8 "Jessie" hei punaha Whakahaerewa me tana waahanga whakauru ka tohua e maatau ko nga "punaha punaha punaha" anake, me te kore tohu i etahi atu waahanga hei whakauru mahi - mahi nga kohinga kua tautuhia ranei penei i te kaiwhakarato OpenSSH. Mena i muri i te tiimata i te huihuinga tuatahi ka mahia e maatau:

pakiaka @ rangatira: ~ # pam-auth-whakahou

ka whiwhi maatau e whai ake nei: Te Motuhēhēnga o te PAM - 01 Te Motuhēhēnga o te PAM - 02

 

 

E whakaatu ana ki a maatau ko te PAM PAI anake e whakamahia ana tae atu ki taua wa ko te UNIX Motuhēhēnga. Mahinga pam-auth-whakahou taea ai e taatau te whakarite i te kaupapa here tuturu mo te punaha ka whakamahi i nga Tohu Kua Tautuhia e nga PAM Modules Mo etahi atu korero tirohia tangata pam-auth-whakahou.

I te mea kaore ano kia whakauruhia te kaituku OpenSSH, kaore e kitea tana waahanga PAM i te raarangi /etc/pam.d/, kei roto nei nga waahanga PAM me nga tohu ka utaina tae atu ki enei waa:

pakiaka @ rangatira: ~ # ls -l /etc/pam.d/
tapeke 76 -rw-r - r-- 1 pakiaka pakiaka 235 Sep 30 2014 atd -rw-r - r-- 1 pakiaka pakiaka 1208 Apr 6 22:06 noa-kaute -e -rw-r - r-- 1 pakiaka pakiaka 1221 Apr 6 22:06 noa-auth -rw-r - r-- 1 pakiaka pakiaka 1440 Apr 6 22:06 noa-kupuhipa -rw-r - r-- 1 pakiaka pakiaka 1156 Apr 6 22:06 hui-noa -Rw-r - r-- 1 pakiaka pakiaka 1154 Apr 6 22:06 noa-waahi-kore-honohono -Rw-r - r-- 1 pakiaka pakiaka 606 Jun 11 2015 cron -rw-r - r - 1 pakiaka pakiaka 384 Nov 19 2014 chfn -rw-r - r-- 1 pakiaka pakiaka 92 Nov 19 2014 chpasswd -rw-r - r-- 1 pakiaka pakiaka 581 Nov 19 2014 chsh -rw-r-- r-- 1 pakiaka pakiaka 4756 Nov 19 2014 takiuru -wha-r - r-- 1 pakiaka pakiaka 92 Nov 19 2014 nga tangata hou -whaa - r-- 1 pakiaka pakiaka 520 Hanuere 6 2016 etahi atu -w-rn -r-- 1 pakiaka pakiaka 92 Nov 19 2014 passwd -rw-r - r-- 1 pakiaka pakiaka 143 Poutu te Rangi 29 2015 runuser -rw-r - r-- 1 pakiaka pakiaka 138 Maehe 29 2015 runuser-l -rw -r - r-- 1 pakiaka pakiaka 2257 Nov 19 2014 su -rw-r - r-- 1 pakiaka pakiaka 220 Sep 2 2016 systemd-kaiwhakamahi

Hei tauira, ma te whakamahi i te waahanga PAM /etc/pam.d/chfn whirihora te punaha i te ratonga Kōruru, i roto i /etc/pam.d/cron kua whirihorahia te daemon cron. Kia ako iti ake nei ka taea e taatau te panui i nga korero o ia konae e tino whai kiko ana. Hei tauira ka hoatu e matou ki raro nga korero o te waahanga /etc/pam.d/cron:

pakiaka @ rangatira: ~ # iti iho /etc/pam.d/cron
# Ko te konae whirihoranga PAM mo te daemon cron

@ka uru ki te mana-noa

# Ka tautuhia te waahi huanga huanga tukatuka e hiahiatia ana pam_loginuid.so # Panuihia nga taurangi taiao mai i nga konae taunoa a pam_env, / etc / taiao # me /etc/security/pam_env.conf. wātū hiahiatia pam_env.so # Hei taapiri, panuihia te waahi korero mo te waahi korero mo te huihuinga pam_env.so envfile = / etc / taunoa / waahi

@ whakauru te kaute-noa
@ka uru ki te-nohoanga-kore-korerorero 

# Ka tautuhia nga rohe a te kaiwhakamahi, tena koa tautuhia nga rohe mo nga mahi cron # tae atu ki /etc/security/limits.conf session e hiahiatia ana pam_limits.so

Ko te raupapa o nga whakapuakanga i roto i ia konae, he mea nui. I nga korero whanui, kaore matou e tūtohu kia whakarereke i tetahi o aua mea ki te kore e tino mohio ki ta maatau mahi.

Debian me te turanga OS + OpenSSH

pakiaka @ rangatira: ~ # maramataka ki te whakauru i nga mahi-ssh-server
Ko nga kohinga HOU e whai ake nei ka whakauruhia: Opensh-server {a} openssh-sftp-server {a} task-ssh-server

Ka whakaatuhia e maatau ko te waahanga PAM i taapirihia me te whirihora tika sshd:

pakiaka @ rangatira: ~ # ls -l /etc/pam.d/sshd 
-rw-r - r-- 1 pakiaka pakiaka 2133 Jul 22 2016 /etc/pam.d/sshd

Mena e hiahia ana maatau ki te mohio ki nga korero o taua whakaaturanga:

pakiaka @ rangatira: ~ # iti iho /etc/pam.d/sshd

I etahi atu kupu, ka ngana ana maatau ki te tiimata i tetahi waahanga mamao mai i tetahi atu rorohiko ma te whakamahi SSH, ko te motuhēhēnga kei runga i te rorohiko ā-rohe mā te kōwae PAM sshd te nuinga, me te kore e warewarehia etahi atu waahanga whakamana me te ahuru kei roto i te ratonga ssh penei.

I te paahitanga, ka tapiritia e maatau ko te konae whirihoranga matua o tenei ratonga / etc / ssh / sshd_config, ana ko te mea iti rawa atu ki a Debian kua whakauruhia ma te taunoa me te kore e whakaae ki te whakauru a te kaiwhakamahi whakawhitiwhiti pakiaka. Kia pai ai, me whakarereke te konae / etc / ssh / sshd_config huri i te raina:

PermitRootLogin kore-kupuhipa

e

Whakaaetanga WhakauruAho ae

ka tiimata ano ka tirotiro i te tuunga o te ratonga ma:

pakiaka @ rangatira: ~ # systemctl restsh ssh
pakiaka @ rangatira: ~ # systemctl status ssh

Debian me te papamahi LXDE

Ka haere tonu taatau me taua kapa - ka huri o maatau ingoa ingoa ingoa e "pouaka rorohiko»Mo te whakamahi a muri ake- i mutu ai ta maatau whakauru i te Papamahi LXDE. Me oma pam-auth-whakahou a ka riro mai i a maatau nga putanga e whai ake nei: Te Motuhēhēnga o te PAM - 03 Te Motuhēhēnga o te PAM - 04

 

Kua oti i te punaha te whakahoaho i nga Panui -Modules katoa- e tika ana mo te motuhēhēnga tika i te wa e whakauru ana te papamahi LXDE, e whai ake nei:

  • UNIX Tohu Motuhēhēnga
  • Tohu e tuhi ana i nga huihuinga a te kaiwhakamahi ki te Roopu Whakahaere Hierarchical o te pūnaha.
  • GNOME Kaupapa Daemon Kaupapa
  • Ka whai waahi maatau ki te taunaki, i nga wa katoa, ka paataihia mai ki a maatau nga "PAM profiles kia taea ai", ka tohua e maatau te waahanga ki te kore e tino mohio taatau e mahi nei. Mena ka hurihia e maatau te whirihoranga PAM na te punaha Whakahaere tonu e mahi, ka taea e taatau te whakakore i te whakauru ki te rorohiko.

I roto i enei keehi e korero ake nei matou Motuhēhēnga Rohe te Motuhēhēnga kei runga i te rorohiko o te rohe ka rite ana ka tiimata ana i taatau waahanga mamao SSH.

Ki te whakatinana tatou i tetahi tikanga o Motuhēhēnga mamao i roto i te roopu o te rohe Mo nga kaiwhakamahi me o raatau tohu kei te penapena ki tetahi kaitoha OpenLDAP mamao, i roto ranei i te Whaiaronga Hohe, ka whakaarohia e te punaha te ahua hou o te motuhēhēnga ka tāpiri i nga waahanga PAM e tika ana.

Kōnae Matua

  • / etc / passwd: Mōhiohio Pūkete Kaiwhakamahi
  • / etc / atarangi: Nga korero Haumaru o nga Kaute Kaiwhakamahi
  • /etc/pam.conf: Kōnae me whakamahi noa mena kaore i te whaiaronga te whaiaronga /etc/pam.d/
  • /etc/pam.d/: Whaiaronga kei reira nga hotaka me nga ratonga e whakauru ana i a raatau tohu PAM
  • /etc/pam.d/passwd: Whirihoranga PAM mo Tuhinga o mua.
  • /etc/pam.d/common-account: Nga tawhitinga Whakaaetanga he rite ki nga ratonga katoa
  • /etc/pam.d/common-auth: Nga awhe Motuhēhēnga noa ki nga ratonga katoa
  • /etc/pam.d/common-password: Ko nga waahanga PAM e pa ana ki nga ratonga katoa e pa ana ki nga kupuhipa - kupuhipa
  • /etc/pam.d/common-session: Ko nga waahanga PAM e pa ana ki nga ratonga katoa e pa ana ki nga nohoanga a nga kaiwhakamahi
  • /etc/pam.d/common-session-noninteractive: Ko nga waahanga PAM e pa ana ki nga ratonga katoa e pa ana ki nga waahanga whakawhiti-kore ranei kaore e hiahiatia te whakauru a te kaiwhakamahi, penei i nga mahi e mahia ana i te tiimatanga me te mutunga o nga huihuinga kore-whakawhiti.
  • / usr / toha / tuhinga / passwd /: Whaiaronga Tuhinga.

Ka tūtohu mātou ki te panui i nga whaarangi a Tuhinga o mua y atarangi mediante tangata passwd y atarangi tangata. He hauora ano ki te panui i nga tuhinga o nga konae pūkete-noa, noa-auth, noa-passwrod, huihuinga-noa y huihuinga-noa-kore.

Kei te waatea nga waahanga PAM

Kia pai ai te whakaatu mo nga waahanga PAM he priori I roto i te putunga paerewa Debian, ka whakahaerehia e maatau:

buzz @ linuxbox: ~ $ aptitude rapu libpam

He roa te raarangi ka whakaatuhia noa nga waahanga e whakaatu ana i te whanui:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-ca                   - POSIX 1003.1e capabilities (PAM module)                             
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgrou                - control and monitor control groups (PAM)                            
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-lda                  - Pluggable Authentication Module for LDA                         
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shish                - PAM module for Shishi Kerberos v5     
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Tuhia o ake whakatau.

CentOS

Mena i te wa o te whakauru ka tohua e maatau te waahanga «Tūmau me te GUI«, Ka whiwhi maatau i tetahi papa pai hei whakamahi i nga momo ratonga mo te Whatunga SME. Kaore i te rite ki a Debian, CentOS / Red Hat® he tohatoha papatohu me nga taputapu whakairoiro kia maama ai te ora mo te Kaiwhakahaere Whakahaere Whatunga ranei.

Tuhinga

Kua whakauruhia ma te taunoa, ka kitea i te raarangi.

[root @ linuxbox ~] # ls -l /usr/share/doc/pam-1.1.8/
katoa 256 -rw-r - r--. 1 pakiaka pakiaka 2045 Jun 18 2013 Copyright drwxr-xr-x. 2 pakiaka pakiaka 4096 Apr 9 06:28 html
-rw-r - r--. 1 pakiaka pakiaka 175382 Nov 5 19:13 Linux-PAM_SAG.txt -rw-r - r--. 1 pakiaka pakiaka 67948 Jun 18 2013 rfc86.0.txt drwxr-xr-x. 2 pakiaka pakiaka 4096 Apr 9 06:28 Tuhinga
[root @ linuxbox ~] # ls /usr/share/doc/pam-1.1.8/teks/
README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit README. pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail README .pam_rhosts README.pam_tally README.pam_warn README.pam_echo README README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel READMEad

Ae, ka kiia hoki ko te kapa CentOS "linuxbox" penei ano me Debian, ka mahi mai mo nga tuhinga a SMB Networks a muri ake nei.

CentOS me te GNOME3 GUI

Ka tohua ana e maatau i te wa e whakauru ana te whiringa «Tūmau me te GUI«, Ko te Papamahi GNOME3 me etahi atu taputapu me nga kaupapa turanga kua whakauruhia hei whakawhanake i tetahi kaituku. I te taumata papatohu, kia mohio ai koe ki te mana motuhaketanga e mahia ana e maatau:

[root @ linuxbox ~] # authconfig-tui

Te Motuhēhēnga o te PAM - 05
Ka whakatauhia e maatau ko nga waahanga PAM anake e tika ana mo te whirihoranga kaitoha o naianei e whakahohetia ana, ara he waahanga hei panui i nga tapumatua, he punaha whakamana ka kitea i etahi tauira o te Rorohiko.

Kua uru a CentOS me GNOME3 GUI ki tetahi Whaiaronga Hohe a Microsoft

Te Motuhēhēnga o te PAM - 06 Kei te kite taatau, kua taapirihia nga waahanga e tika ana -mekameka- mo te motuhēhēnga ki te Whaiaronga Hohe, i a maatau e whakakore ana i te waahanga ki te panui i nga tapumatua, na te mea kaore e tika.

I roto i tetahi tuhinga a muri ake nei ka taipitopito ta maatau pehea e hono ai ki te kaihoko CentOS 7 ki te Whaiaronga Hohe Microsoft. Ka tumanako noa maatau ki te whakamahi i te taputapu honohono-gtk Ko te whakauru i nga kohinga e tika ana, ko te whirihora i te waihanga aunoa i nga whaiaronga a nga kaiwhakamahi rohe e whakamana ana i te rohe, me te waahi ki te whakauru atu ki te kaihoko ki te Rohe o tetahi Whaiaronga Hohe e tino mahi ana. Akene i muri i te uniana, me whakahou ano te rorohiko.

Kōnae Matua

Ko nga konae e pa ana ki te CentOS Motuhēhēnga kei roto i te raarangi /etc/pam.d/:

[root @ linuxbox ~] # ls /etc/pam.d/
atd liveinst smartcard-auth-ac authconfig login smtp authconfig-gtk other smtp.postfix authconfig-tui passwd sshd config-util password-auth su crond password-auth-ac sudo kapu pluto sudo-i chfn polkit-1 su-l chsh postlogin system-auth tapumati-auth postlogin-ac system-auth-ac tapumuri-auth-ac ppp punaha-whirihora-whakatuturutanga xserver gdm-pin tatūnga gdm-smartcard smartcard-auth

Kei te waatea nga waahanga PAM

Kei a matou nga whare putunga turanga, centosplus, epel, y whakahōunga. I roto i a raatau ka kitea -mai etahi atu- nga waahanga e whai ake nei ma te whakamahi i nga whakahau yum rapu pam-yum rapu pam_a yum rapu libpam:

nss-pam-ldapd.i686: He waahanga nsswitch e whakamahi ana i nga kaitohu whaiaronga nss-pam-ldapd.x86_64: He waahanga nsswitch e whakamahi ana i nga kaitohu whaiaronga ovirt-manuhiri-kaihoko-pam-module.x86_64: module PAM mo te oVirt Manuhiri Kaihauturu Pam -kwallet.x86_64: kōwae PAM mo te KWallet pam_afs_session.x86_64: tohu AFS PAG me AFS i runga i te takiuru pam_krb5.i686: He Tohu Whakaaetanga Whakatoi mo nga Kerberos 5 pam_krb5.x86_64: He Kaupapa Motuhake Motuhake mo te kaupapa Kerberos 5 pam_ma86_ ma te MAPI ki te kaitoha Zarafa pam_oath.x64_86: He waahanga PAM mo te motuhēhētanga whakaurutanga mo te OATH pam_pkcs64.i11: PKCS # 686 / NSS PAM takiuru kōwae pam_pkcs11.x11_86: PKCS # 64 / NSS PAM kōwae takiuru pam_radius.x11_86: PAM Kōwae mo RADIUS Motuhēhēnga pam_script.x64_86: kōwae PAM hei whakahaere tuhinga aupuri pam_snapper.i64: kōwae PAM mo te karanga ka hopuapuku pam_snapper.x686_86: kōwae PAM mo te karanga i nga kaipupuri pam_ssh.x64_86: kōwae PAM hei whakamahi me nga taviri SSH me nga ssh-agents pam_ssh_agent_64 686: kōwae PAM mo te motuhēhēnga me te ssh-agents pam_ssh_agent_auth.x86_64: kōwae PAM mo te motuhēhēnga me te ssh-agents pam_url.x86_64: kōwae PAM hei whakamana me nga tūmau HTTP pam_wrapper.x86_64: He taputapu hei whakamatautau i nga tono PAM me nga tohu PAM pam_yubico.x86_64: He Tohu Whakaaetanga Whakatoi mo te yubikeys libpamtest-doc.x86_64: Ko te tuhinga API libpamtest python-libpamtest.x86_64: He takai takai python mo te libpamtest libpamtest.x86_64: He taputapu hei whakamatautau i nga tono PAM me nga waahanga PAM libpamtest-devel.x86 taputapu Nga tono PAM me nga waahanga PAM

Whakarāpopoto

He mea nui kia iti noa nga mohiotanga mo te PAM mena kei te pirangi taatau kia maarama whanui te pehea e tutuki ai te Motuhaketanga i nga wa katoa ka uru atu tatou ki ta maatau rorohiko Linux / UNIX. He mea nui kia mohio ano ma te Motuhēhēnga Rohe ka taea ai e taatau te whakarato ratonga ki etahi atu rorohiko i te whatunga SME iti penei i te Takawaenga, Mera, FTP, me era atu, i te katoa o te kaituku. Katoa nga ratonga o mua -a he maha atu ano i ta maatau i kite ai i mua- kei a raatau a raatau waahanga PAM.

I korerohia nga korero

Putanga PDF

Tangohia te tuhinga PDF Here.

Tae noa ki te tuhinga o muri!

Kaituhi: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico


Ko nga korero o te tuhinga e piri ana ki o maatau kaupapa o matatika whakatika. Ki te ripoata i tetahi paatene paato Here.

6 korero, waiho maau

Waiho to korero

Ka kore e whakaputaina tō wāhitau īmēra. Kua tohua ngā āpure e hiahiatia ana ki *

*

*

  1. He kawenga mo nga raraunga: Miguel Ángel Gatón
  2. Te kaupapa o te raraunga: Whakahaerehia te SPAM, te whakahaere korero.
  3. Ture: To whakaae
  4. Whakawhitinga korero: Kaore nga korero e tukuna ki nga taha tuatoru engari ma te ture herenga.
  5. Rokiroki raraunga: Paetukutuku e whakahaerehia ana e Occentus Networks (EU)
  6. Tika: I nga wa katoa ka taea e koe te whakaiti, te whakaora me te muku i o korero.

  1.   lagarto ka mea

    He tuhinga tino taipitopito mo te whakamotuhēhēnga ma te whakamahi i te PAM, e kii ana ahau kaore au i te mohio taipitopito ki te whakahaere motuhēhēnga me te maha mutunga o nga tono taipitopito me te haumaru ka taea e matou te hoatu ki a koe. He tuhinga pai tenei ka taea e koe te tiro i te whanui o te Motuhēhēnga o te PAM, he maha hoki nga whaainga i roto i nga SME.

    Kotahi ano o o koha nui, he mihi nui ki a koe mo nga Mea Pai Fico

  2.   ingoamuna ka mea

    Mauruuru mo o korero, e nga Luigys. Ko te kaupapa o te tuhinga nei kia tuwhera nga hinengaro o nga kaipānui ki te PAM me ona waahanga. Ki taku mahara kua angitu te pou.
    Ma te huarahi e whakamohio atu ai ahau ki a koe kaore nga korero i tae atu ki ahau i runga i teera.

  3.   kaikaiwhenua ka mea

    lol, kua wareware ahau ki te tuhi i taku wahitau imeera ki nga korero o mua. Koira te take ka puta mai a Anonymous. 😉

  4.   HO2GI ka mea

    Tuhinga pai, pera tonu.

  5.   Pūoro ka mea

    E tino ako ana a Federico, me mahi au ki te PAM neke atu i te kotahi ana taku whakamoemiti ki te hoahoa, he mea tino pai ki te whakauru i nga mahi ki nga matau e ahei ana, hei tauira ko te mea whakamutunga i mahia e au ko te REST API i te Python / Flask e kohi ana. nga takiuru me te hainatanga a nga kaiwhakamahi o taku rohe (te taina tuakana, kia mohio ki nga mea katoa), na te mea kaore ratou e tohu i hea au e karanga ai ki te tuku korero ki te api? Ae ra, me te PAM.

  6.   kaikaiwhenua ka mea

    Mauruuru HO2GI mo te arotake o te pou.
    Dhunter: Tena koutou. Mai i nga wa katoa kei te mahi koe i nga mea tino pai. Kaore he aha, ko tenei whakairinga tetahi o nga mea e whakararangihia ana e au "kia puare nga hinengaro."