PAM Authentication - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello, friends!

With this article we intend to offer an overview of authentication through PAM. We are used to working every day on a workstation running a Linux/UNIX operating system, and we rarely stop to study how the authentication mechanism works each time we start a session. Do we know about the files /etc/passwd and /etc/shadow, which make up the main database of authentication credentials for local users? We hope that after reading this post you will have, at least, a clear idea of how PAM works.

Authentication

Authentication, for practical purposes, is the way a user is verified against a system. The authentication process requires an identity and credentials (a username and password), which are compared with the information stored in a database. If the credentials presented match those stored and the user's account is active, the user is said to be authenticated, or to have successfully passed authentication.

Once the user is authenticated, that information is passed to the access control service, which determines what the user can do on the system and which resources they are authorized to access.

The information used to verify the user can be stored in local databases on the system, or the local system can reference an existing database on a remote system, such as LDAP, Kerberos, NIS databases, and so on.

Most UNIX®/Linux operating systems have the tools needed to configure the client/server authentication service for the most common types of user databases. Some of these systems have very complete graphical tools, such as Red Hat/CentOS, SUSE/openSUSE, and other distributions.

PAM: Pluggable Authentication Module

The modules that are plugged in for authentication are used every day when we log in to our desktop on a Linux/UNIX-based operating system, and on many other occasions when we access local or remote services that have a specific local PAM module plugged in to authenticate against that service.

A practical idea of how PAM modules are plugged in can be obtained through the sequence of authentication states on a machine with Debian and on another with CentOS, which we develop next.

Debian

Documentation

If we install the package libpam-doc we will have very good documentation in the directory /usr/share/doc/libpam-doc/html.

root@linuxbox:~# aptitude install libpam-doc
root@linuxbox:~# ls -l /usr/share/doc/libpam-doc/

There is also more documentation on PAM in the directories:

root@linuxbox:~# ls -l /usr/share/doc/ | grep pam
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam0g
drwxr-xr-x 4 root root 4096 Apr  7 16:31 libpam-doc
drwxr-xr-x 2 root root 4096 Apr  5 21:30 libpam-gnome-keyring
drwxr-xr-x 3 root root 4096 Apr  5 21:11 libpam-modules
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam-modules-bin
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam-runtime
drwxr-xr-x 2 root root 4096 Apr  5 21:26 libpam-systemd
drwxr-xr-x 3 root root 4096 Apr  5 21:31 python-pam

We believe that before searching for documentation on the Internet, we should review what is already installed or what we can install directly from the program repositories, which exist for a reason and which on many occasions we copy to our own hard drive. An example of this is the following:

root@linuxbox:~# less /usr/share/doc/libpam-gnome-keyring/README
gnome-keyring is a program that keeps password and other secrets for users. It is run as a daemon in the session, similar to ssh-agent, and other applications locate it via an environment variable or a D-Bus. The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. The library libgnome-keyring is used by applications to integrate with the GNOME keyring system.

Which, translated very freely, means:

  • gnome-keyring is the program in charge of keeping passwords and other secrets for users. In each session it runs as a daemon, similar to ssh-agent, and other applications locate it through an environment variable or via D-Bus. The program can handle several keyrings, each with its own master password. There is also a session keyring that is never stored on the hard disk and is forgotten when the session ends. Applications use the libgnome-keyring library to interact with the GNOME keyring system.

Debian with the Base Operating System

We start from a computer on which we have just installed Debian 8 "Jessie" as the operating system. During the installation process we select only the "basic system utilities", without marking any other option to install tasks or predefined packages such as the OpenSSH server. If, after starting the first session, we run:

root@master:~# pam-auth-update

we will get the following output:

[Figures: PAM Authentication - 01, PAM Authentication - 02]

This shows us that the only PAM module in use up to that moment is UNIX authentication. The pam-auth-update utility lets us configure the central authentication policy for a system using the predefined profiles supplied by the PAM modules. For more information see man pam-auth-update.

Since we have not yet installed the OpenSSH server, we will not find its PAM module in the directory /etc/pam.d/, which contains the PAM modules and profiles loaded up to this moment:

root@master:~# ls -l /etc/pam.d/
total 76
-rw-r--r-- 1 root root  235 Sep 30  2014 atd
-rw-r--r-- 1 root root 1208 Apr  6 22:06 common-account
-rw-r--r-- 1 root root 1221 Apr  6 22:06 common-auth
-rw-r--r-- 1 root root 1440 Apr  6 22:06 common-password
-rw-r--r-- 1 root root 1156 Apr  6 22:06 common-session
-rw-r--r-- 1 root root 1154 Apr  6 22:06 common-session-noninteractive
-rw-r--r-- 1 root root  606 Jun 11  2015 cron
-rw-r--r-- 1 root root  384 Nov 19  2014 chfn
-rw-r--r-- 1 root root   92 Nov 19  2014 chpasswd
-rw-r--r-- 1 root root  581 Nov 19  2014 chsh
-rw-r--r-- 1 root root 4756 Nov 19  2014 login
-rw-r--r-- 1 root root   92 Nov 19  2014 newusers
-rw-r--r-- 1 root root  520 Jan  6  2016 other
-rw-r--r-- 1 root root   92 Nov 19  2014 passwd
-rw-r--r-- 1 root root  143 Mar 29  2015 runuser
-rw-r--r-- 1 root root  138 Mar 29  2015 runuser-l
-rw-r--r-- 1 root root 2257 Nov 19  2014 su
-rw-r--r-- 1 root root  220 Sep  2  2016 systemd-user

For example, using the PAM module /etc/pam.d/chfn the system configures the Shadow service, while through /etc/pam.d/cron the cron daemon is configured. To learn a little more we can read the content of each of these files, which is very instructive. As a sample we give below the content of the module /etc/pam.d/cron:

root@master:~# less /etc/pam.d/cron
# The PAM configuration file for the cron daemon

@include common-auth

# Sets the loginuid process attribute
session    required     pam_loginuid.so

# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session       required   pam_env.so

# In addition, read system locale information
session       required   pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required   pam_limits.so

The order of the statements in each of the files is important. In general terms, we do not recommend modifying any of them unless we know very well what we are doing.
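To make the point about ordering concrete, the following added example (not part of the original article) expands the @include lines of a PAM service file and returns the rules in the order PAM would evaluate them. The function names and the contents of the common-* files are assumptions constructed for illustration.

```python
import re

# Constructed, simplified stand-ins for files in /etc/pam.d/. The cron file
# follows the article; the common-* contents are assumptions for illustration,
# since the real ones are generated by pam-auth-update and differ per system.
SAMPLE_PAM_D = {
    "cron": """\
# The PAM configuration file for the cron daemon
@include common-auth
session    required   pam_loginuid.so
session    required   pam_env.so
session    required   pam_env.so envfile=/etc/default/locale
@include common-account
@include common-session-noninteractive
session    required   pam_limits.so
""",
    "common-auth": """\
auth  [success=1 default=ignore]  pam_unix.so nullok_secure
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
""",
    "common-account": "account  required  pam_unix.so\n",
    "common-session-noninteractive": """\
session  required  pam_permit.so
session  required  pam_unix.so
""",
}

# Fields: type, control (keyword or [value=action ...]), module, arguments.
RULE_RE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$"
)


def effective_stack(service, files, _chain=()):
    """Return the rules of `service` in evaluation order, expanding @include."""
    if service in _chain:
        raise ValueError("include loop: " + " -> ".join(_chain + (service,)))
    if service not in files:
        raise KeyError("no PAM file named " + service)
    rules = []
    for lineno, raw in enumerate(files[service].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):
            # The included file's rules take the place of the @include line.
            target = line.split(None, 1)[1].strip()
            rules.extend(effective_stack(target, files, _chain + (service,)))
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("%s:%d: cannot parse %r" % (service, lineno, raw))
        mtype, control, module, args = m.groups()
        rules.append({"type": mtype, "control": control, "module": module,
                      "args": args.split(), "source": "%s:%d" % (service, lineno)})
    return rules


def modules_by_type(rules):
    """Group module names per management group, keeping evaluation order."""
    stacks = {"auth": [], "account": [], "password": [], "session": []}
    for rule in rules:
        stacks[rule["type"]].append(rule["module"])
    return stacks


if __name__ == "__main__":
    for rule in effective_stack("cron", SAMPLE_PAM_D):
        print("%-8s %-28s %-16s %s" % (rule["type"], rule["control"],
                                       rule["module"], rule["source"]))
```

The "source" field shows which file and line each rule came from, which helps when reviewing a change to a shared common-* file that affects every service including it.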

Debian with base OS + OpenSSH

root@master:~# aptitude install task-ssh-server
The following NEW packages will be installed: openssh-server{a} openssh-sftp-server{a} task-ssh-server

We will verify that the PAM module sshd was added and configured correctly:

root@master:~# ls -l /etc/pam.d/sshd
-rw-r--r-- 1 root root 2133 Jul 22  2016 /etc/pam.d/sshd

If we want to know the content of that profile:

root@master:~# less /etc/pam.d/sshd

In other words, when we try to start a remote session from another computer using ssh, authentication on the local computer is done mainly through the PAM module sshd, without forgetting the other authorization and security aspects involved in the ssh service as such.

In passing, we add that the main configuration file of this service is /etc/ssh/sshd_config, and that at least in Debian it is installed by default without allowing interactive login by the root user. To allow it, we must modify the file /etc/ssh/sshd_config and change the line:

PermitRootLogin without-password

to

PermitRootLogin yes

and then restart the service and check its status with:

root@master:~# systemctl restart ssh
root@master:~# systemctl status ssh
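A check for the edit above, as an added example that is not part of the original article: it reads sshd_config text and reports which PermitRootLogin line sshd actually uses, since sshd keeps the first value it reads for a keyword and a line appended later is ignored. The function names and sample fragments are constructed for illustration.

```python
import re

# Constructed sshd_config fragments (not taken from a real host).
SAMPLE_DEFAULT = """\
# Authentication:
PermitRootLogin without-password
UsePAM yes
"""
# The edit from the article, but appended instead of replacing the old line.
SAMPLE_APPENDED = SAMPLE_DEFAULT + "PermitRootLogin yes\n"
# The edit done as the article describes: the line itself is changed.
SAMPLE_REPLACED = SAMPLE_DEFAULT.replace("without-password", "yes")

# What each value means for root over SSH.
MEANING = {
    "yes": "root may log in with any enabled method, passwords included",
    "without-password": "root may log in, but not with a password",
    "prohibit-password": "root may log in, but not with a password",
    "forced-commands-only": "root key login only for keys with a forced command",
    "no": "root may not log in",
}


def root_login_policy(config_text):
    """Find every PermitRootLogin line and decide which one sshd uses.

    sshd keeps the first value it reads for a keyword, so a later global
    line is ignored. Lines after a Match keyword apply only to that block.
    """
    policy = {"effective": None, "ignored": [], "conditional": []}
    match_block = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value"
        # are both accepted.
        m = re.match(r"(\w+)\s*=?\s*(.*)$", line)
        if m is None:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            match_block = value
        elif keyword == "permitrootlogin":
            entry = {"value": value, "line": lineno}
            if match_block is not None:
                policy["conditional"].append(dict(entry, match=match_block))
            elif policy["effective"] is None:
                policy["effective"] = entry
            else:
                policy["ignored"].append(entry)
    return policy


def describe(config_text):
    """One-line summary of the global root login setting."""
    eff = root_login_policy(config_text)["effective"]
    if eff is None:
        return "PermitRootLogin not set; sshd's built-in default applies"
    return MEANING.get(eff["value"], "unrecognised value " + eff["value"])


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT),
                       ("appended", SAMPLE_APPENDED),
                       ("replaced", SAMPLE_REPLACED)):
        print(name, "->", describe(text), root_login_policy(text)["ignored"])
```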

Debian with the LXDE desktop

We continue with the same computer (we change its name, or hostname, to "linuxbox" for future use), on which we have finished installing the LXDE desktop. Let's run pam-auth-update and we will get the following output:

[Figures: PAM Authentication - 03, PAM Authentication - 04]

The system has already enabled all the profiles (modules) needed for correct authentication during the installation of the LXDE desktop, which are the following:

  • UNIX authentication module.
  • Module that registers user sessions in the hierarchical control group of systemd.
  • GNOME Keyring Daemon module.
  • We take this opportunity to recommend that in all cases, when we are asked "PAM profiles to enable", we select the option unless we know very well what we are doing. If we change the PAM configuration that the operating system itself makes automatically, we can easily disable login on the computer.

In the cases above we are talking about local authentication, or authentication against the local computer, as happens when we start a remote session through ssh.

If we implement a remote authentication method on the local machine, for users whose credentials are stored on a remote OpenLDAP server or in an Active Directory, the system will take the new form of authentication into account and add the necessary PAM modules.

Main files

  • /etc/passwd: User account information
  • /etc/shadow: Secure information of user accounts
  • /etc/pam.conf: File that should be used only if the directory /etc/pam.d/ does not exist
  • /etc/pam.d/: Directory where programs and services install their PAM modules
  • /etc/pam.d/passwd: PAM configuration for passwd.
  • /etc/pam.d/common-account: Authorization parameters common to all services
  • /etc/pam.d/common-auth: Authentication parameters common to all services
  • /etc/pam.d/common-password: PAM modules common to all services related to passwords
  • /etc/pam.d/common-session: PAM modules common to all services related to user sessions
  • /etc/pam.d/common-session-noninteractive: PAM modules common to all services related to non-interactive sessions, or sessions that require no user intervention, such as tasks that run at the start and end of non-interactive sessions.
  • /usr/share/doc/passwd/: Documentation directory.

We recommend reading the manual pages of passwd and shadow through man passwd and man shadow. It is also healthy to read the contents of the files common-account, common-auth, common-password, common-session and common-session-noninteractive.

PAM modules available

To get an idea of the PAM modules available a priori in the standard Debian repository, we run:

buzz@linuxbox:~$ aptitude search libpam

The list is long and we show only the modules, which demonstrates how extensive it is:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-ca                   - POSIX 1003.1e capabilities (PAM module)                             
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgrou                - control and monitor control groups (PAM)                            
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-lda                  - Pluggable Authentication Module for LDA                         
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shish                - PAM module for Shishi Kerberos v5     
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Draw your own conclusions.

CentOS

If during the installation process we select the option «Server with GUI», we will get a good platform for implementing different services for the SME network. Unlike Debian, CentOS/Red Hat® offers a series of console and graphical tools that make life easier for a system or network administrator.

Documentation

It is installed by default, and we find it in the directory:

[root@linuxbox ~]# ls -l /usr/share/doc/pam-1.1.8/
total 256
-rw-r--r--. 1 root root   2045 Jun 18  2013 Copyright
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 html
-rw-r--r--. 1 root root 175382 Nov  5 19:13 Linux-PAM_SAG.txt
-rw-r--r--. 1 root root  67948 Jun 18  2013 rfc86.0.txt
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 txts
[root@linuxbox ~]# ls /usr/share/doc/pam-1.1.8/txts/
README.pam_access    README.pam_exec       README.pam_lastlog    README.pam_namespace   README.pam_selinux     README.pam_timestamp
README.pam_console   README.pam_faildelay  README.pam_limits     README.pam_nologin     README.pam_sepermit    README.pam_tty_audit
README.pam_cracklib  README.pam_faillock   README.pam_listfile   README.pam_permit      README.pam_shells      README.pam_umask
README.pam_chroot    README.pam_filter     README.pam_localuser  README.pam_postgresok  README.pam_stress      README.pam_unix
README.pam_debug     README.pam_ftp        README.pam_loginuid   README.pam_pwhistory   README.pam_succeed_if  README.pam_userdb
README.pam_deny      README.pam_group      README.pam_mail       README.pam_rhosts      README.pam_tally       README.pam_warn
README.pam_echo      README.pam_issue      README.pam_mkhomedir  README.pam_rootok      READM.

Yes, we also call the CentOS machine "linuxbox", as with Debian; it will serve us for future articles on SME networks.

CentOS with the GNOME3 GUI

When we select the option «Server with GUI» during installation, the GNOME3 desktop and other utilities and base programs are installed to develop a server. At the console level, to find out the authentication status we run:

[root@linuxbox ~]# authconfig-tui

[Figure: PAM Authentication - 05]
We verify that only the PAM modules necessary for the current server configuration are enabled, including a module for reading fingerprints, an authentication system found on some laptop models.

CentOS with the GNOME3 GUI joined to a Microsoft Active Directory

[Figure: PAM Authentication - 06]
As we can see, the modules necessary for authentication against an Active Directory have been added and enabled, while we deliberately disable the module for reading fingerprints, because it is not necessary.

In a future article we will cover in detail how to join a CentOS 7 client to a Microsoft Active Directory. For now we only anticipate that, through the tool authconfig-gtk, the installation of the necessary packages, the configuration of automatic creation of the home directories of domain users who authenticate locally, and the process of joining the client to the Active Directory domain itself are hugely automated. Perhaps after the join, it will only be necessary to restart the computer.

Main files

The files related to authentication in CentOS are located in the directory /etc/pam.d/:

[root@linuxbox ~]# ls /etc/pam.d/
atd                     liveinst          smartcard-auth-ac
authconfig              login             smtp
authconfig-gtk          other             smtp.postfix
authconfig-tui          passwd            sshd
config-util             password-auth     su
crond                   password-auth-ac  sudo
cup                     pluto             sudo-i
chfn                    polkit-1          su-l
chsh                    postlogin         system-auth
fingerprint-auth        postlogin-ac      system-auth-ac
fingerprint-auth-ac     ppp               system-config-authentication
gdm-autologin           remote            systemd-user
gdm-fingerprint         runuser           vlock
gdm-launch-environment  runuser-l         vmtoolsd
gdm-password            samba             xserver
gdm-pin                 setup
gdm-smartcard           smartcard-auth

PAM modules available

We have the repositories base, xarunta, and updates. In them we find, among others, the following modules using the commands yum search pam-, yum search pam_, and yum search libpam:

nss-pam-ldapd.i686: An nsswitch module which uses directory servers
nss-pam-ldapd.x86_64: An nsswitch module which uses directory servers
ovirt-guest-agent-pam-module.x86_64: PAM module for the oVirt Guest Agent
pam-kwallet.x86_64: PAM module for KWallet
pam_afs_session.x86_64: AFS PAG and AFS tokens on login
pam_krb5.i686: A Pluggable Authentication Module for Kerberos 5
pam_krb5.x86_64: A module for authentication via MAPI against a Zarafa server
pam_oath.x86_64: A PAM module for pluggable login authentication for OATH
pam_pkcs11.i686: PKCS #11/NSS PAM login module
pam_pkcs11.x86_64: PKCS #11/NSS PAM login module
pam_ule RADIUS Authentication
pam_script.x86_64: PAM module for executing scripts
pam_snapper.i686: PAM module for calling snapper
pam_snapper.x86_64: PAM module for calling snapper
pam_ssh.x86_64: PAM module for use with SSH keys and ssh-agent
pam_ssh_agent_auth.i686: PAM module for authentication with ssh-agent
pam_ssh_agent_auth.x86_64: PAM module for authentication with ssh-agent
pam_url.x86_64: PAM module to authenticate with HTTP servers
pam_wrapper.x86_64: A tool to test PAM applications and PAM modules
pam_yubico: A Pluggable Authentication Module for yubikeys
libpamtest-doc.x86_64: The libpamtest API documentation
python-libpamtest.x86_64: A python wrapper for libpamtest
libpamtest.x86_64: A tool to test PAM applications and PAM modules
libpamtest-devel.x86_64: A tool to test PAM applications and PAM modules

Summary

It is important to have at least a minimum knowledge of PAM if we want to understand in general terms how authentication is carried out each time we log in to our Linux/UNIX computer. It is also important to know that with local authentication alone we can provide services to other computers on a small SME network, such as Proxy, Mail, FTP, etc. All the previous services, and many more as we saw earlier, have their own PAM module.


Until the next article!

Author: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico



  1.   qorraxda said

    A very detailed article about authentication using PAM. I confess I did not know in detail how authentication works, or the endless number of more detailed and secure applications we can give it. This is a great article that lets you see the scope of PAM authentication, which can also serve multiple purposes in SMEs.

    Another of your great contributions, thank you very much for such good Fico Material

  2.   Anonymous said

    Thank you for your comment, dear Luigys. The purpose of the article is to open readers' minds about PAM and its modules. I think the post succeeds.
    By the way, I should tell you that the comments are not reaching me by mail.

  3.   federico said

    lol, I forgot to write my email address in the previous comment. That is why Anonymous appears. 😉

  4.   HO2GI said

    Great article, as always.

  5.   ka fogaansho said

    Very instructive, Federico. I have had to deal with PAM more than once and I admire the design; it is very useful to be able to insert functionality into the hooks it allows. For example, the last thing I did was a REST API in Python/Flask that collects the logins and logoffs of the users on my network (big brother style, to know everything), and can you guess where I put the calls that notify the API? Well yes, with PAM.

  6.   federico said

    Thank you, HO2GI, for your evaluation of the post.
    Dhunter: Greetings again. As always, you are doing very interesting things. Nothing more, this post is one of those I catalogue as "to open minds."