PAM Authentication - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article we intend to offer an overview of authentication through PAM. We are used to working every day on our workstation with a Linux/UNIX operating system, and we seldom stop to study how authentication happens each time we start a session. We know of the existence of the files /etc/passwd and /etc/shadow, which make up the main database of authentication credentials for local users. We hope that after reading this post you will have, at least, a clear idea of how PAM works.

Authentication

Authentication, for practical purposes, is the way a user is verified against a system. The authentication process requires an identity and credentials (user name and password), which are compared with the information stored in a database. If the credentials presented match the stored ones and the user's account is active, the user is said to have authenticated successfully, or to have passed authentication.

Once the user is authenticated, that information is passed to the access control service, which determines what that user can do on the system and which resources they are authorized to access.

The information used to verify the user can be stored in local databases on the system, or the local system can refer to a database on a remote system, such as LDAP, Kerberos, NIS databases, and so on.

Most UNIX®/Linux operating systems include the tools needed to configure the client/server authentication service for the most common types of user databases. Some of these systems have very complete graphical tools, such as Red Hat/CentOS, SUSE/openSUSE, and other distributions.

PAM: Pluggable Authentication Module

We use the modules that are plugged in for authentication every day when we log in to our desktop on a Linux/UNIX-based operating system, and on many other occasions when we access local or remote services that have a specific local PAM module plugged in for authentication against that service.

A practical idea of how PAM modules are plugged in can be obtained by following the sequence of authentication states on one computer with Debian and on another with CentOS, which we develop next.

Debian

Documentation

If we install the package libpam-doc we will have very good documentation located in the directory /usr/share/doc/libpam-doc/html.

root@linuxbox:~# aptitude install libpam-doc
root@linuxbox:~# ls -l /usr/share/doc/libpam-doc/

There is also more documentation on PAM in the directories:

root@linuxbox:~# ls -l /usr/share/doc/ | grep pam
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam0g
drwxr-xr-x 4 root root 4096 Apr 7 16:31 libpam-doc
drwxr-xr-x 2 root root 4096 Apr 5 21:30 libpam-gnome-keyring
drwxr-xr-x 3 root root 4096 Apr 5 21:11 libpam-modules
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam-modules-bin
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam-runtime
drwxr-xr-x 2 root root 4096 Apr 5 21:26 libpam-systemd
drwxr-xr-x 3 root root 4096 Apr 5 21:31 python-pam

We believe that before going out to look for documentation on the Internet, we should review what is already installed, or what we can install directly from the program repositories that exist for that purpose and that in many cases we have copied to our hard drive. An example of this is the following:

root@linuxbox:~# less /usr/share/doc/libpam-gnome-keyring/README
gnome-keyring is a program that keeps passwords and other secrets for users. It is run as a daemon in the session, similar to ssh-agent, and other applications locate it via an environment variable or a D-Bus. The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. The library libgnome-keyring is used by applications to integrate with the GNOME keyring system.

Which, translated very freely, is meant to say:

  • gnome-keyring is the program in charge of keeping passwords and other secrets for users. In each session it runs as a daemon, similar to ssh-agent, and other applications locate it through an environment variable or via D-Bus. The program can handle several keyrings, each with its own master password. There is also a session keyring that is never stored on the hard disk and is forgotten when the session ends. Applications use the libgnome-keyring library to integrate with the GNOME keyring system.

Debian with the base operating system

We start from a computer on which we have just installed Debian 8 "Jessie" as the operating system. During installation we selected only the "Basic system utilities", without marking any other option to install tasks or predefined packages such as the OpenSSH server. If, after starting the first session, we run:

root@master:~# pam-auth-update

we will obtain the following output: (Screenshots: PAM Authentication - 01, PAM Authentication - 02)

This shows us that the only PAM module in use up to that moment is UNIX authentication. The pam-auth-update utility lets us configure the central authentication policy for a system using the predefined profiles supplied by the PAM modules. For more information see man pam-auth-update.

Since we have not yet installed the OpenSSH server, we will not find its PAM module in the directory /etc/pam.d/, which contains the PAM modules and profiles loaded up to this moment:

root@master:~# ls -l /etc/pam.d/
total 76
-rw-r--r-- 1 root root 235 Sep 30 2014 atd
-rw-r--r-- 1 root root 1208 Apr 6 22:06 common-account
-rw-r--r-- 1 root root 1221 Apr 6 22:06 common-auth
-rw-r--r-- 1 root root 1440 Apr 6 22:06 common-password
-rw-r--r-- 1 root root 1156 Apr 6 22:06 common-session
-rw-r--r-- 1 root root 1154 Apr 6 22:06 common-session-noninteractive
-rw-r--r-- 1 root root 606 Jun 11 2015 cron
-rw-r--r-- 1 root root 384 Nov 19 2014 chfn
-rw-r--r-- 1 root root 92 Nov 19 2014 chpasswd
-rw-r--r-- 1 root root 581 Nov 19 2014 chsh
-rw-r--r-- 1 root root 4756 Nov 19 2014 login
-rw-r--r-- 1 root root 92 Nov 19 2014 newusers
-rw-r--r-- 1 root root 520 Jan 6 2016 other
-rw-r--r-- 1 root root 92 Nov 19 2014 passwd
-rw-r--r-- 1 root root 143 Mar 29 2015 runuser
-rw-r--r-- 1 root root 138 Mar 29 2015 runuser-l
-rw-r--r-- 1 root root 2257 Nov 19 2014 su
-rw-r--r-- 1 root root 220 Sep 2 2016 systemd-user

For example, through the PAM module /etc/pam.d/chfn the system configures the Shadow service, while through /etc/pam.d/cron the cron daemon is configured. To learn a little more we can read the content of each of these files, which is very instructive. As an example we give below the content of the module /etc/pam.d/cron:

root@master:~# less /etc/pam.d/cron
# The PAM configuration file for the cron daemon

@include common-auth

# Sets the loginuid process attribute
session required pam_loginuid.so
# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session required pam_env.so
# In addition, read system locale information
session required pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session required pam_limits.so

The order of the statements within each of the files is important. In general terms, we do not recommend modifying any of them unless we know very well what we are doing.
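To make the point about ordering concrete, here is an added example (not part of the original article or of any PAM tooling): a small Python model that expands the @include lines of a service file and walks the resulting auth stack. The sample files are constructed for a hypothetical host, and evaluate() is a simplified model of libpam's control handling, not its real implementation.

```python
import re
from collections import namedtuple
Rule = namedtuple("Rule", "source type control module")
# Shorthand controls in the bracket form that pam.conf(5) gives for them.
SIMPLE = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# Constructed sample tree for a hypothetical host; "cron" follows the file shown above.
SAMPLE = {
    "cron": "@include common-auth\n"
            "session required pam_loginuid.so\n"
            "@include common-account\n"
            "session required pam_limits.so  # see /etc/security/limits.conf\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok_secure\n"
                   "auth requisite pam_deny.so\n"
                   "auth required pam_permit.so\n",
    "common-account": "account required pam_unix.so\n",
}
# Same three auth lines, but with pam_deny.so moved to the top.
_a = SAMPLE["common-auth"].splitlines(True)
REORDERED = dict(SAMPLE, **{"common-auth": _a[1] + _a[0] + _a[2]})
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def resolve(service, files, _seen=()):
    """Rules of `service` in evaluation order, with @include lines expanded in place."""
    if service in _seen:
        raise ValueError("include loop at " + service)
    rules = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            rules += resolve(line.split()[1], files, _seen + (service,))
        elif line:
            m = LINE.match(line)
            if not m:
                raise ValueError("unparsable line in %s: %r" % (service, raw))
            mtype, ctl, module = m.groups()
            control = (dict(p.split("=", 1) for p in ctl[1:-1].split())
                       if ctl.startswith("[") else SIMPLE[ctl])
            rules.append(Rule(service, mtype, control, module))
    return rules

def evaluate(rules, mtype, results):
    """Simplified model of libpam's stack dispatch for one management type.
    `results` maps module -> return value name; unlisted modules succeed."""
    status, skip = None, 0                      # None: no module has voted yet
    for r in (x for x in rules if x.type == mtype):
        if skip:
            skip -= 1
            continue
        outcome = results.get(r.module, "auth_err" if r.module == "pam_deny.so" else "success")
        action = r.control.get(outcome, r.control.get("default", "bad"))
        if action.isdigit():
            skip = int(action)                  # jump over the next N rules
        elif action in ("ok", "done"):
            if status is None:
                status = True                   # "ok" never repairs an earlier failure
            if action == "done" and status:
                return True
        elif action in ("bad", "die"):
            status = False
            if action == "die":
                return False
    return bool(status)                         # an undecided stack is a failure

def login_outcomes(files, service="cron"):
    """(correct password accepted?, wrong password accepted?) for the auth stack."""
    rules = resolve(service, files)
    return (evaluate(rules, "auth", {}),
            evaluate(rules, "auth", {"pam_unix.so": "auth_err"}))

if __name__ == "__main__":
    print("shipped order:", login_outcomes(SAMPLE))
    print("pam_deny first:", login_outcomes(REORDERED))
```

With pam_deny.so moved to the top of common-auth, the model rejects even a correct password, which is the kind of lockout that editing these files carelessly can cause.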

Debian with base OS + OpenSSH

root@master:~# aptitude install task-ssh-server
The following NEW packages will be installed:
  openssh-server{a} openssh-sftp-server{a} task-ssh-server

We will verify that the PAM module sshd was added and configured correctly:

root@master:~# ls -l /etc/pam.d/sshd
-rw-r--r-- 1 root root 2133 Jul 22 2016 /etc/pam.d/sshd

If we want to know the content of that profile:

root@master:~# less /etc/pam.d/sshd

In other words, when we try to start a remote session from another computer using ssh, authentication on the local computer is done through the PAM module sshd, without forgetting the other authorization and security aspects involved in the ssh service as such.

In passing, we add that the main configuration file of this service is /etc/ssh/sshd_config, and that, at least in Debian, it is installed by default without allowing interactive login by the root user. To allow it, we must modify the file /etc/ssh/sshd_config and change the line:

PermitRootLogin without-password

to

PermitRootLogin yes

and then restart the service and check its status with:

root@master:~# systemctl restart ssh
root@master:~# systemctl status ssh
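An added example, not from the original article: a Python check that reports which PermitRootLogin value sshd would apply, given that sshd uses the first value it reads for a keyword and that Match blocks can override the global one. The sample configuration is constructed, and the function names are this example's own.

```python
import re

# "without-password" is the older spelling of "prohibit-password".
ALIASES = {"without-password": "prohibit-password"}

# Constructed sshd_config for illustration; the address is from a documentation range.
SAMPLE_SSHD_CONFIG = """\
# Authentication:
#PermitRootLogin no
PermitRootLogin without-password
UsePAM yes
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
Match User backup
    X11Forwarding no
"""

def root_login_settings(text):
    """Return (global_value, [(match_condition, value), ...]) for PermitRootLogin.

    global_value is None when the keyword is not set outside Match blocks; in
    that case the compiled-in default of the installed OpenSSH version applies.
    """
    global_value, overrides = None, []
    scope, scope_done = None, False          # scope None = global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            scope, scope_done = value, False
        elif keyword == "permitrootlogin":
            value = ALIASES.get(value, value)
            if scope is None:
                if global_value is None:     # first value read wins
                    global_value = value
            elif not scope_done:
                overrides.append((scope, value))
                scope_done = True
    return global_value, overrides

def root_password_sections(text):
    """Sections of the file in which root may log in with a password."""
    global_value, overrides = root_login_settings(text)
    sections = ["global"] if global_value == "yes" else []
    sections += ["Match " + cond for cond, value in overrides if value == "yes"]
    return sections

if __name__ == "__main__":
    print(root_login_settings(SAMPLE_SSHD_CONFIG))
    print(root_password_sections(SAMPLE_SSHD_CONFIG))
```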

Debian with the LXDE desktop

We continue with the same computer (we change its name, or hostname, to "linuxbox" for future use), on which we have now finished installing the LXDE desktop. Let's run pam-auth-update and we will obtain the following output: (Screenshots: PAM Authentication - 03, PAM Authentication - 04)

During the installation of the LXDE desktop, the system has already enabled all the profiles (modules) needed for correct authentication, which are the following:

  • UNIX authentication module.
  • Module that registers user sessions in the hierarchical control group of systemd.
  • GNOME Keyring Daemon module.

We take this opportunity to recommend that in all cases, when we are asked for the "PAM profiles to enable", we select the option presented unless we know very well what we are doing. If we change the PAM configuration that the operating system itself makes automatically, we can easily disable login on the computer.

In the cases above we are talking about local authentication, or authentication against the local computer, as happens when we start a remote session through ssh.

If we implement a method of remote authentication on the local computer, for users whose credentials are stored in a remote OpenLDAP server or in an Active Directory, the system will take the new form of authentication into account and will add the necessary PAM modules.

Main files

  • /etc/passwd: User account information
  • /etc/shadow: Secure user account information
  • /etc/pam.conf: File that should be used only if the directory /etc/pam.d/ does not exist
  • /etc/pam.d/: Directory where programs and services install their PAM modules
  • /etc/pam.d/passwd: PAM configuration for passwd.
  • /etc/pam.d/common-account: Authorization parameters common to all services
  • /etc/pam.d/common-auth: Authentication parameters common to all services
  • /etc/pam.d/common-password: PAM modules common to all services related to passwords
  • /etc/pam.d/common-session: PAM modules common to all services related to user sessions
  • /etc/pam.d/common-session-noninteractive: PAM modules common to all services related to non-interactive sessions, or sessions that do not require user intervention, such as tasks that run at the start and end of non-interactive sessions.
  • /usr/share/doc/passwd/: Documentation directory.

We recommend reading the manual pages of passwd and shadow with man passwd and man shadow. It is also healthy to read the contents of the files common-account, common-auth, common-password, common-session and common-session-noninteractive.

Available PAM modules

To get an idea of the PAM modules available a priori in the standard Debian repository, we run:

buzz@linuxbox:~$ aptitude search libpam

The list is long and we will show only the modules, which is enough to see how extensive it is:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-cap                  - POSIX 1003.1e capabilities (PAM module)
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgroup               - control and monitor control groups (PAM)
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-ldap                 - Pluggable Authentication Module for LDAP
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shishi               - PAM module for Shishi Kerberos v5
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Draw your own conclusions.

CentOS

If during the installation process we select the option «Server with GUI», we will obtain a good platform for implementing different services for the SME network. Unlike Debian, CentOS/Red Hat® offers a series of console and graphical tools that make life easier for a system or network administrator.

Documentation

It is installed by default, and we find it in the directory:

[root@linuxbox ~]# ls -l /usr/share/doc/pam-1.1.8/
total 256
-rw-r--r--. 1 root root 2045 Jun 18 2013 Copyright
drwxr-xr-x. 2 root root 4096 Apr 9 06:28 html
-rw-r--r--. 1 root root 175382 Nov 5 19:13 Linux-PAM_SAG.txt
-rw-r--r--. 1 root root 67948 Jun 18 2013 rfc86.0.txt
drwxr-xr-x. 2 root root 4096 Apr 9 06:28 txts
[root@linuxbox ~]# ls /usr/share/doc/pam-1.1.8/txts/
README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit README.pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail README .amoa

Yes, we also call the CentOS computer "linuxbox", as with Debian; it will serve us for future articles on SME Networks.

CentOS with GNOME3 GUI

When we select the option «Server with GUI», the GNOME3 desktop and other utilities and base programs for building a server are installed. At console level, to find out the state of authentication we run:

[root@linuxbox ~]# authconfig-tui

(Screenshot: PAM Authentication - 05)
We verify that only the PAM modules needed for the current configuration of the server are enabled, including even a module for reading fingerprints, an authentication system that we find in some laptop models.

CentOS with GNOME3 GUI joined to a Microsoft Active Directory

(Screenshot: PAM Authentication - 06) As we can see, the necessary modules (winbind) have been added and enabled for authentication against an Active Directory, while we deliberately disable the module for reading fingerprints, because it is not needed.

In a future article we will cover in detail how to join a CentOS 7 client to a Microsoft Active Directory. For now we only anticipate that with the tool authconfig-gtk, the installation of the necessary packages, the configuration of the automatic creation of the directories of domain users who authenticate locally, and the process itself of joining the client to the domain of an Active Directory are tremendously automated. Perhaps after the join it will only be necessary to restart the computer.

Main files

The files related to authentication in CentOS are located in the directory /etc/pam.d/:

[root@linuxbox ~]# ls /etc/pam.d/
atd liveinst smartcard-auth-ac authconfig login smtp authconfig-gtk other smtp.postfix authconfig-tui passwd sshd config-util password-auth su crond password-auth-ac sudo cups pluto sudo-i chfn polkit-1 su-l chsh postlogin system-auth fingerprint-auth postlogin-ac system-auth-ac fingerprint-auth-ac ppp system-config-authentication gdm-autologin remote systemd-user gdm-fingerprint runuser vlock gdm-launch-environment runuser-l vmtoolsd gdm-password samba xserver gdm-pin setup gdm-smartcard smartcard-auth

Available PAM modules

We have the repositories base, centosplus, epel, and updates. In them we find, among others, the following modules using the commands yum search pam-, yum search pam_, and yum search libpam:

nss-pam-ldapd.i686: An nsswitch module which uses directory servers
nss-pam-ldapd.x86_64: An nsswitch module which uses directory servers
ovirt-guest-agent-pam-module.x86_64:
pam-kwallet.x86_64: PAM module for KWallet
pam_afs_session.x86_64: AFS PAG and AFS tokens on login
pam_krb5.i686: A Pluggable Authentication Module for Kerberos 5
pam_krb5.x86_64: A Pluggable Authentication Module for Kerberos 5
pam_mapi.x86_64: PAM module for authentication via MAPI against a Zarafa server
pam_oath.x86_64: A PAM module for pluggable login authentication for OATH
pam_pkcs11.i686: PKCS #11/NSS PAM login module
pam_pkcs11.x86_64: PKCS #11/NSS PAM login module
pam_radius.x86_64: PAM Module for RADIUS Authentication
pam_script.x86_64: PAM module for executing scripts
pam_snapper.i686: PAM module for calling snapper
pam_snapper.x86_64: PAM module for calling snapper
pam_ssh.x86_64: PAM module for use with SSH keys and ssh-agent
pam_ssh_agent_auth.i686: PAM module for authentication with ssh-agent
pam_ssh_agent_auth.x86_64: PAM module for authentication with ssh-agent
pam_url.x86_64: PAM module to authenticate with HTTP servers
pam_wrapper.x86_64: A tool to test PAM applications and PAM modules
pam_yubico.x86_64: A Pluggable Authentication Module for yubikeys
libpamtest-doc.x86_64: The libpamtest API documentation
python-libpamtest.x86_64: A python wrapper for libpamtest
libpamtest.x86_64: A tool to test PAM applications and PAM modules
libpamtest-devel.x86_64: A tool to test PAM applications and PAM modules

Summary

It is important to have a minimum of knowledge about PAM if we want to understand, in a general way, how authentication is carried out each time we log in to our Linux/UNIX computer. It is also important to know that with local authentication alone we can provide services to other computers in a small SME network, such as Proxy, Mail, FTP, and so on, all concentrated on a single server. All of the services above, and many more as we saw earlier, have their own PAM module.

Until the next article!

Author: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico


6 comments


  1.   lizard said

    A very detailed article on authentication using PAM. I confess I did not know in detail how authentication works, nor the endless number of more detailed and secure applications that we could give you. This is a great article that lets you visualize the scope of PAM authentication, which can also have multiple purposes in SMEs.

    One more of your great contributions, thank you very much for such good material, Fico

  2.   Anonymous said

    Thanks for your comment, dear Luigys. The purpose of the article is to open readers' minds about PAM and its modules. I think the post achieves that.
    By the way, I inform you that comments are not reaching me by mail.

  3.   Federico said

    hehehe, I forgot to write my email address in the previous comment. That is why it came out as Anonymous. 😉

  4.   HO2GI said

    Great article, as always.

  5.   user said

    Very instructive Federico, I have had to deal with PAM more than once and I admire the design; it is very useful to be able to insert functionality at the hooks it allows. For example, the last thing I did was a REST API in Python/Flask that collects the logins and logoffs of the users of my domain (big-brother style, to know everything), since they wouldn't guess where I put the calls that inform the API? Well yes, with PAM.

  6.   Federico said

    Thanks HO2GI for the evaluation of the post.
    Dhunter: Greetings again. As always, you do very interesting things. Nothing, this post is one of those I catalog as "to open minds."