Bopaki ba PAM - Marang-rang a SME

Kakaretso ea li-series: Li-network tsa likhomphutha tsa li-SME: Selelekela

Lumelang metsoalle le metsoalle!

Ka sengoloa sena re ikemiselitse ho fana ka Kakaretso ho sehlooho sa Bopaki ka PAM. Re tloaetse ho sebelisa Workstation ea rona letsatsi le leng le le leng ka sistimi ea ts'ebetso ea Linux / UNIX mme ha se hangata re emisang ho ithuta ka mokhoa oa netefatso o hlahang nako le nako ha re qala thuto. Na rea tseba ka boteng ba li-archives / etc / passwdle / etc / shadow e leng database e kholo ea Bopaki ba Bopaki ba netefatso ea basebelisi ba lehae. Re ts'epa hore kamora ho bala poso ena o tla ba le mohopolo o hlakileng oa hore na PAM e sebetsa joang.

Index

1 Netefatso
2 PAM: Module ea netefatso ea plugable
3 Debian
4 CentOS
5 Kakaretso
6 Ho batlisitsoe mehloli
- 6.1 Mofuta oa PDF

Netefatso

Bopaki - bakeng sa merero e sebetsang - ke tsela eo mosebelisi a netefatsoang khahlano le sistimi. Ts'ebetso ea netefatso e hloka boteng ba seteiti sa boitsebiso le mangolo - lebitso la mosebelisi le phasewete - tse bapisoang le tlhaiso-leseling e bolokiloeng polokelongtshedimosetsong. Haeba lintlha tse hlahisitsoeng li tšoana le tse bolokiloeng mme ak'haonte ea mosebelisi e sebetsa, mosebelisi ho thoe o kene kahare. bonnete o atlehile kapa o atlehile ho fetisa netefatso.

Hang ha mosebelisi a netefalitsoe, tlhaiso-leseling eo e fetisetsoa ho file ea tšebeletso ea taolo ea phihlello ho fumana hore na mosebelisi enoa a ka etsa eng tsamaisong le lisebelisoa tseo a nang le tsona tumello ho li fihlella.

Tlhahisoleseling ea ho netefatsa mosebelisi e ka bolokoa polokelongtshedimosetso ea lehae ho sistimi, kapa sistimi ea lehae e ka supa database e teng ho sistimi e hole, joalo ka LDAP, Kerberos, database tsa NIS, joalo-joalo.

Mekhoa e mengata ea ts'ebetso ea UNIX® / Linux e na le lisebelisoa tse hlokahalang ho hlophisa ts'ebeletso ea netefatso ea moreki / seva bakeng sa mefuta e atileng haholo ea database. Tse ling tsa litsamaiso tsena li na le lisebelisoa tse hlakileng haholo tse kang Red Hat / CentOS, SUSE / openSUSE, le lipehelo tse ling.

PAM: Module ea netefatso ea plugable

ea Li-module tse kentsoeng netefatso Re li sebelisa letsatsi le letsatsi ha re kena ho Desktop ea rona ka sistimi e sebetsang e thehiloeng ho Linux / UNIX, le maemong a mang a mangata ha re fihlella lits'ebeletso tsa lehae kapa tse hole tse nang le module ea PAM ea lehae. kentsoe bakeng sa netefatso khahlano le ts'ebeletso eo.

Mohopolo o sebetsang oa hore na li-module tsa PAM li kentsoe joang o ka fumanoa ka tatellano ea mmuso ea netefatso en sehlopha se nang le Debian le en e 'ngoe e nang le CentOS hore re ntshetsa pele latelang.

Debian

Litokomane

Haeba re kenya package libpam-doc re tla ba le litokomane tse ntle haholo tse fumanehang bukaneng / usr / share / doc / libpam-doc / html.

motso @ linuxbox: ~ # aptitude kenya libpam-doc
motso @ linuxbox: ~ # ls -l / usr / share / doc / libpam-doc /

Ho boetse ho na le litokomane tse ling ho PAM ho li-directory:

motso @ linuxbox: ~ # ls -l / usr / share / doc / | grep pam
drwxr-xr-x 2 motso 4096 Apr 5 21: 11 libpam0g drwxr-xr-x 4 motso 4096 Apr 7 16:31 libpam-doc drwxr-xr-x 2 motso 4096 Apr 5 21:30 libpam-gnome- keyring drwxr-xr-x 3 motso oa 4096 Apr 5 21: 11 libpam-module drwxr-xr-x 2 motso 4096 Apr 5 21:11 libpam-modules-bin drwxr-xr-x 2 motso 4096 Apr 5 21: 11 libpam-runtime drwxr-xr-x 2 motso 4096 Apr 5 21:26 libpam-systemd drwxr-xr-x 3 motso 4096 Apr 5 21:31 python-pam

Re lumela hore pele re batla litokomane inthaneteng, re lokela ho lekola e seng e kentsoe kapa eo re ka e kenyang ka kotloloho litsing tsa polokelo tse teng bakeng sa ho hong mme hangata re li kopitsa ho hard drive ea rona. Mohlala oa sena ke o latelang:

motso @ linuxbox: ~ # tlase / usr / share / doc / libpam-gnome-keyring / README
gnome-keyring ke lenaneo le bolokang phasewete le liphiri tse ling tsa basebelisi. E tsamaisoa joalo ka daemon lenaneong, e ts'oanang le ssh-agent, 'me lits'ebetso tse ling li e fumane ka phapano ea tikoloho kapa D-Bus. Lenaneo le khona ho tsamaisa li-keyrings tse 'maloa, e' ngoe le e 'ngoe e na le phasewete ea eona e hloahloa, hape ho na le li-keyring tsa nako eo ho seng mohla li bolokiloeng disk, empa li lebetsoeng ha lenaneo le fela. Laeborari ea "libgnome-keyring" e sebelisoa ke lits'ebetso tsa ho hokahanya le sistimi ea linotlolo tsa GNOME.

Seo se fetoletsoeng ka bolokolohi se batla ho hlalosa:

keyn key-key ke lenaneo le ikarabellang bakeng sa ho boloka li-password le liphiri tse ling tsa basebelisi. Thutong ka 'ngoe e sebetsa joalo ka daemon, e ts'oanang le ssh-agent, le lits'ebetsong tse ling tse fumanehang ka ho fetoha ha tikoloho - tikoloho kapa ka D-Bus. Lenaneo le ka sebetsana le li-keyrings tse 'maloa, e' ngoe le e 'ngoe e na le phasewete ea eona e ntle. Ho boetse ho na le setlhopha sa li-keyring se sa bolokoang ho hard disk mme se lebetsoe ha lenaneo le fela. Lik'homphieutha li sebelisa laebrari ea key-keyring ho kopanya le sistimi ea likonopo tsa GNOME.

Debian le Sisteme e Sebetsang ea Base

Re qala ka khomphutha eo re sa tsoa kenya ho eona Debian 8 "Jessie" e le Ts'ebetso ea Ts'ebetso mme nakong ea ts'ebetso ea ho kenya re khetha feela "Basic system utilities", ntle le ho tšoaea khetho e ngoe ea ho kenya mesebetsi - mesebetsi e meng ntle kapa liphutheloana tse boletsoeng esale pele joalo ka seva sa OpenSSH. Haeba kamora ho qala seboka sa pele re phethisa:

motso @ master: ~ # pam-auth-update

re tla fumana litholoana tse latelang:

E re bonts'ang hore Mojule oa PAM feela o sebelisitsoeng ho fihlela motsotso oo ke Bopaki ba UNIX. Utility pam-auth-update e re lumella ho hlophisa leano la netefatso le bohareng bakeng sa sistimi ha re sebelisa li-Profiles tse boletsoeng esale pele tse fanoeng ke li-module tsa PAM. Bakeng sa tlhaiso-leseling e batsi bona monna pam-auth-update.

Ha re ntse re e-s'o kenye seva sa OpenSSH, re ke ke ra fumana module ea eona ea PAM bukaneng /etc/pam.d/, e tla ba le li-module le li-profiles tse laetsoeng ho fihlela linako tsena:

motso @ master: ~ # ls -l /etc/pam.d/
Kakaretso ea 76 -rw-r-r-- 1 motso oa 235 Sep 30 2014 atd -rw-r - r-- 1 motso motso 1208 Apr 6 22: 06 e tloaelehileng-account -rw-r-r-- 1 motso 1221 Apr 6 22: 06 common-auth -rw-r - r-- 1 motso motso 1440 Apr 6 22:06 common-password -rw-r - r-- 1 motso motso 1156 Apr 6 22:06 common-session -rw -r-r-- 1 motso motso 1154 Apr 6 22: 06 common-session-noninteractive -rw-r - r-- 1 root root 606 Jun 11 2015 cron -rw-r - r - 1 motso oa 384 Nov 19 2014 chfn -rw-r - r-- 1 motso oa motso 92 Nov 19 2014 chpasswd -rw-r - r-- 1 motso motso 581 Nov 19 2014 chsh -rw-r-- r-- 1 motso oa 4756 Nov 19 2014 kena -rw-r-r- 1 motso motso 92 Nov 19 2014 newusers -rw-r - r-- 1 motso motso 520 Jan 6 2016 tse ling -rw-r- -r- 1 motso oa motso 92 Nov 19 2014 passwd - rw-r-r- 1 motso oa 143 Mar 29 2015 runuser -rw-r-r- 1 motso oa 138 Mar 29 2015 runuser-l -rw -r - r-- 1 motso oa 2257 Nov 19 2014 su - rw-r-r- 1 motso motso 220 Sep 2 2016 systemd-user

Mohlala, ho sebelisa module ea PAM /etc/pam.d/chfn sistimi e hlophisa ts'ebeletso Shadow, ha a ntse a /etc/pam.d/cron daemon e hlophisitsoe cron. Ho tseba ho se hokae re ka bala litaba tsa e 'ngoe le e' ngoe ea lifaele tsena tse rutang haholo. E le sampole re fana ka tlase diteng tsa mojulung ona /etc/pam.d/cron:

root @ master: ~ # tlase /etc/pam.d/cron
# PAM ea faele ea phetolo bakeng sa cron daemon

@kenyelletsa common-auth

# E beha lenaneo la loginuid la semelo se hlokahalang pam_loginuid.so # Bala mefuta e fapaneng ea tikoloho ho tsoa ho lifaele tsa pam_env, / joalo-joalo / tikoloho # le /etc/security/pam_env.conf. setlhopha se hlokahalang pam_env.so # Ntle le moo, bala sistimi ea tlhaiso-leseling ea sebaka seo e hlokahalang pam_env.so envfile = / etc / default / locale

@kenyelletsa ak'haonte e tloaelehileng
@include tloaelehileng-fa setlhopha se kopane 

# E beha meeli ea mosebelisi, ka kopo hlalosa meeli bakeng sa mesebetsi ea cron # ka /etc/security/limits.conf setlhopha se hlokahalang pam_limits.so

Tlhophiso ea lipolelo kahare ho e 'ngoe le e' ngoe ea lifaele e bohlokoa. Ka kakaretso, ha re khothaletse ho fetola efe kapa efe ea eona ntle le haeba re tseba hantle seo re se etsang.

Debian e nang le base OS + OpenSSH

motso @ master: ~ # aptitude kenya task-ssh-server
Ho tla kengoa liphutheloana tse latelang tse Ncha: openssh-server {a} openssh-sftp-server {a} task-ssh-server

Re tla netefatsa hore module ea PAM e kentsoe mme ea hlophisoa ka nepo ssh:

motso @ master: ~ # ls -l /etc/pam.d/sshd 
-rw-r-r- 1 motso oa motso 2133 Jul 22 2016 /etc/pam.d/sshd

Haeba re batla ho tseba litaba tsa profil eo:

root @ master: ~ # tlase /etc/pam.d/sshd

Ka mantsoe a mang, ha re leka ho qala lenaneo le hole le komporo e ngoe re sebelisa ssh, Bopaki ba komporo ea lehae bo etsoa ka module ea PAM ssh haholo-holo, ntle le ho lebala tumello e ngoe le likarolo tsa ts'ireletso tse amehang ts'ebeletsong ea ssh joalo.

Ka tsela eo, re eketsa hore file e kholo ea phetisetso ea ts'ebeletso ena ke / joalo / ssh / sshd_config, Le hore bonyane ho Debian e kentsoe ka boiketsetso ntle le ho lumella mosebelisi ho kena motso. Ho e lumella, re tlameha ho fetola faele / joalo / ssh / sshd_config 'me u fetole mohala:

PermitRootLogin ntle le phasewete

PermitRootLogin ho joalo

ebe o qala hape mme o lekole maemo a ts'ebeletso ka:

motso @ master: ~ # systemctl qala hape ssh
motso @ master: ~ # systemctl boemo ba ssh

Debian e nang le desktop ea LXDE

Re tsoelapele ka sehlopha se le seng - re fetola mabitso a bona kapa lebitso la lebotho ka "lebokose la linux»Bakeng sa ts'ebeliso ea nako e tlang eo re qetileng ho e kenya LXDE Desktop. Ha re matheng pam-auth-update 'me re tla fumana litholoana tse latelang:

Sistimi e se e ntse e nolofalletsa li-Profiles -Modules- tsohle tse hlokahalang bakeng sa netefatso e nepahetseng nakong ea ho kenya desktop ea LXDE, tse latelang:

Module oa Bopaki ba UNIX.
Module e rekotang linako tsa basebelisi ho Sehlopha sa Tsamaiso ea Boholo-holo sa systemd.
GNOME Keyring Daemon Module

Re nka monyetla ona ho khothaletsa hore maemong ohle, ha re botsoa "li-profiles tsa PAM ho li thusa", re khethe khetho Ntle le haeba re tseba hantle seo re se etsang. Haeba re fetola tokiso ea PAM e iketsetsang ka bo eona ke Sisteme e sebetsang ka boeona, re ka nolofalletsa ho kena ka har'a komporo habonolo.

Maemong a kaholimo ao re buang ka ona Bopaki ba Lehae kapa Bopaki ba netefatso khahlanong le komporo ea lehae joalo ka ha e etsahala ha re qala seboka se hole ssh.

Haeba re kenya tšebetsong mokhoa oa Bopaki ba Remote sehlopheng sa lehae Bakeng sa basebelisi ba nang le mangolo a bona a bolokiloeng ka har'a seva se hole sa OpenLDAP kapa ho Directory ea Active, sistimi e tla nahanela mofuta o mocha oa netefatso mme e tla eketsa li-module tsa PAM tse hlokahalang.

Lifaele tse kholo

/ etc / passwd: Tlhahisoleseling ea Ak'haonte ea mosebelisi
/ etc / shadow: Boitsebiso bo bolokehileng ba liakhaonto tsa mosebelisi
/etc/pam.conf: Faele e lokelang ho sebelisoa feela haeba sesebelisoa ha se eo /etc/pam.d/
/etc/pam.d/Directory moo mananeo le lits'ebeletso li kenyang li-module tsa PAM
/etc/pam.d/passwd: PAM tlhophiso ea passwd.
/etc/pam.d/ tloaelehileng-accountLikarolo tsa tumello tse tloaelehileng litšebeletsong tsohle
/etc/pam.d/common-auth: Meeli ea netefatso e tloaelehileng litšebeletsong tsohle
/etc/pam.d/common-passwordLi-module tsa PAM tse tloaelehileng ho lits'ebeletso tsohle tse amanang le li-password - diphasewete
/etc/pam.d/common-sessionLi-module tsa PAM tse tloaelehileng ho lits'ebeletso tsohle tse amanang le linako tsa mosebelisi
/etc/pam.d/common-session- e sa sebelisanengLi-module tsa PAM tse tloaelehileng ho lits'ebeletso tsohle tse amanang le linako tse sa sebelisaneng kapa tse sa hlokeng ts'ebeliso ea mosebelisi, joalo ka mesebetsi e etsoang qalong le qetellong ea linako tse sa sebelisaneng.
/ usr / arolelana / doc / passwd /: Tokomane ea litokomane.

Re khothaletsa ho bala maqephe a tataiso a passwd y Moriti ho feta motho o feta y moriti oa motho. Ho phetse hantle ho bala se kahare ho lifaele ak'haonte e tloaelehileng, auth e tloaelehileng, sengoloa se tloaelehileng, sengolo se tloaelehileng y tloaelehileng-fa setlhopha se kopane.

Li-module tsa PAM lia fumaneha

Ho fumana mohopolo oa li-module tsa PAM tse teng a priori Sebakeng se tloaelehileng sa Debian, rea matha:

buzz @ linuxbox: ~ $ aptitude batla libpam

Lethathamo lena le lelelele mme re tla bonts'a li-module tse bonts'ang hore na li pharalletse hakae:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-ca                   - POSIX 1003.1e capabilities (PAM module)                             
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgrou                - control and monitor control groups (PAM)                            
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-lda                  - Pluggable Authentication Module for LDA                         
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shish                - PAM module for Shishi Kerberos v5     
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Iketsetse liqeto.

CentOS

Haeba nakong ea ts'ebetso re khetha khetho «Seva e nang le GUI«, Re tla fumana sethala se setle sa ho kenya tšebetsong lits'ebeletso tse fapaneng bakeng sa SME Network. Ho fapana le Debian, CentOS / Red Hat® e fana ka letoto la li-console le lisebelisoa tsa lits'oants'o tse nolofalletsang bophelo ho Sisteme kapa Network Administrator.

Litokomane

E kentsoe ka boiketsetso, re e fumana ka har'a sesebelisoa:

[motso @ linuxbox ~] # ls -l / usr/share/doc/pam-1.1.8/
Kakaretso ea 256 -rw-r-r--. Motso oa 1 motso 2045 Jun 18 2013 Copyright drwxr-xr-x. Motso oa 2 motso 4096 Apr 9 06:28 HTML
-rw-r-r--. Motso oa 1 motso 175382 Nov 5 19: 13 Linux-PAM_SAG.txt -rw-r-r--. Motso oa 1 motso 67948 Jun 18 2013 rfc86.0.txt drwxr-xr-x. Motso oa 2 motso 4096 Apr 9 06:28 txts

[motso @ linuxbox ~] # ls / usr/share/doc/pam-1.1.8/txts/
README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit faele ya readme. pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail faele ya readme .pam_rhosts README.pam_tally README.pam_warn README.pam_echo README README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel READMEMMEDE

E, re boetse re bitsa sehlopha sa CentOS "linuxbox" joalo ka ka Debian, e tla re sebeletsa bakeng sa lingoloa tse tlang ho li-SMB Networks.

CentOS le GNOME3 GUI

Ha re khetha nakong ea ho kenya khetho «Seva e nang le GUI«, Desktop ea GNOME3 le lits'ebeletso tse ling le li-program tsa base li kentsoe ho nts'etsapele seva. Boemong ba console, ho tseba boemo ba netefatso boo re bo etsang:

[motso @ linuxbox ~] # authconfig-tui

Re netefatsa hore ke li-module tsa PAM feela tse hlokahalang bakeng sa phetolo ea seva ea hona joale tse lumelloang, esita le mojule oa ho bala likhatiso tsa menoana, sistimi ea netefatso eo re e fumanang mefuteng e meng ea Laptops.

CentOS e nang le GNOME3 GUI e kene ho Microsoft Active Directory

Joalokaha re bona, li-module tse hlokahalang li ekelitsoe mme li nolofalitsoe -winbind- bakeng sa netefatso khahlano le Sisteme e Sebetsang, ha re ntse re thibela mojulu ka boomo ho bala likhatiso tsa menoana, hobane ha ho hlokahale.

Sehloohong se tlang re tla tšohla ka botlalo hore na u ka ikopanya le moreki oa CentOS 7 joang ho Microsoft Active Directory. Re lebelletse feela hore ho sebelisa sesebelisoa koetse-gtk Ho hlongoa liphutheloana tse hlokahalang, ho hlophisoa ha li-directory tsa basebelisi ba domain e netefatsang sebakeng sa heno, le ts'ebetso ka boeona ea ho ikopanya le moreki ho Domain of an Directory Directory e iketsahalla haholo. Mohlomong kamora kopano, ho tla hlokahala feela ho qala komporo hape.

Lifaele tse kholo

Lifaele tse amanang le Bopaki ba Bopaki ba CentOS li fumaneha bukeng /etc/pam.d/:

[motso @ linuxbox ~] # ls /etc/pam.d/
atd liveinst smartcard-Author-ac system-auth fingerprint-auth postlogin-ac system-auth-ac fingerprint-auth-ac ppp system-config-netefatso gdm-autologin remote systemd-user gdm-fingerprint runuser vlock gdm-qala-tikoloho runuser-l vmtoolsd gdm-password samba xserver gdm-pin setup gdm-smartcard smartcard-auth

Li-module tsa PAM lia fumaneha

Re na le libaka tsa polokelo setsi, centosplus, epel, y diapdeite. Ho bona re fumana-har'a ba bang- li-module tse latelang re sebelisa litaelo yum batla pam-, yum batla pam_le yum batla libpam:

nss-pam-ldapd.i686: module ea nsswitch e sebelisang li-server tsa li-nss-pam-ldapd.x86_64: nsswitch module e sebelisang li-server server ovirt-guest-agent-pam-module.x86_64: module ea PAM bakeng sa moemeli oa moeti oa oVirt pam -kwallet. ka MAPI khahlano le seva sa Zarafa pam_oath.x86_64: Mojaro oa PAM bakeng sa netefatso ea ho kena ka plug bakeng sa OATH pam_pkcs86.i64: PKCS # 5 / NSS PAM module ea ho kena pam_pkcs686.x5_5: PKCS # 86 / NSS PAM module ea ho kena pam_radius.x64_5: PAM Module Bopaki ba RADIUS pam_script.x86_64: PAM module bakeng sa ho etsa script pam_snapper.i86: module ea PAM ea ho letsetsa snapper pam_snapper.x64_11: module ea PAM ea ho letsetsa snapper pam_ssh.x686_11: module ea PAM bakeng sa ts'ebeliso ea linotlolo tsa SSH le ssh-agent pam_ssh_agent_11 86: PAM module bakeng sa netefatso ka ssh-agent pam_ssh_agent_auth.x64_11: PAM module bakeng sa netefatso ka ssh-agent pam_url.x86_64: module ea PAM ho netefatsa ka li-server tsa HTTP pam_wrapper.x86_64: Sesebelisoa sa ho leka lits'ebetso tsa PAM le li-module tsa PAM pam_yubico.x686_86: Module ea Bopaki bo ka Potlakang bakeng sa yubikeys libpamtest-doc.x64_86: Tokomane ea libpamtest API python-libpamtest.x64_686: Sesebelisoa sa python bakeng sa libpamtest libpamtest.x86_64: Sesebelisoa sa ho leka lits'ebetso tsa PAM le li-module tsa PAM libpamtest-devel.x86_64: Sesebelisoa sa tlhahlobo ea test Likopo tsa PAM le li-module tsa PAM

Kakaretso

Ho bohlokoa ho ba le tsebo e fokolang ka PAM haeba re batla ho utloisisa ka mokhoa o akaretsang hore Bopaki bo etsoa joang nako le nako ha re kena khomphuteng ea Linux / UNIX. Ho bohlokoa hape ho tseba hore ke ka Bopaki ba Lehae feela re ka fanang ka lits'ebeletso ho likhomphutha tse ling ka netweke e nyane ea SME joalo ka Proxy, Mail, FTP, jj, kaofela li tsepame ho seva e le 'ngoe. Litšebeletso tsohle tse fetileng - le tse ling tse ngata kamoo re boneng pejana- li na le module ea bona ea PAM.

Ho batlisitsoe mehloli

Litaelo tsa litaelo - maqephe a motho.
NetefatsoLeqephe la Wikipedia ka Sepanishe
Limmojule tsa Bopaki ba Plugable
Red_Hat_Enterprise_Linux-6-Deployment_Guide-en-US

Mofuta oa PDF

Khoasolla mofuta oa PDF mona.

Ho fihlela sengoloeng se latelang!

Sengoli: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico

Maikutlo a 6, siea ea hau

Siea maikutlo a hau Hlakola karabo

mokholutsoane a re
e etsa lilemo tse 5

Sengoloa se qaqileng haholo mabapi le netefatso e sebelisang PAM, kea lumela hore ke ne ke sa tsebe ka botlalo ts'ebetso ea netefatso le palo e sa feleng ea likopo tse qaqileng le tse sireletsehileng tseo re ka u fang tsona. Ena ke sengoloa se monate se u lumellang ho bona boholo ba PAM Bopaki, bo ka bang le lipheo tse ngata ho li-SME.

O mong oa menehelo ea hau e meholo, re leboha haholo ka Fico Material e ntle hakana

Arabela mokholutsoane
E sa tsejoe a re
e etsa lilemo tse 5

Kea leboha ka maikutlo a hau, Luigys ea ratehang. Morero oa sengoloa ke ho bula likelello tsa babali mabapi le PAM le li-module tsa eona. Ke nahana hore poso ea atleha.
Ka tsela eo ke u tsebisang hore litlhaloso ha li fihle ho nna ka poso.

Araba ho mosebelisi
federico a re
e etsa lilemo tse 5

lol, ke lebetse ho ngola aterese ea ka ea lengolo tsoibila ka maikutlo a fetileng. Ke ka lebaka leo motho ea sa tsejoeng a hlahang. 😉

Araba ho federico
HO2GI a re
e etsa lilemo tse 5

Sengoloa se setle, joalo ka kamehla.

Araba HO2GI
sethoto a re
e etsa lilemo tse 5

Ke Federico ea rutang haholo, ke ile ka tlameha ho sebetsana le PAM makhetlo a fetang a le mong mme ke khahloa ke boqapi, ho bohlokoa haholo ho khona ho kenya ts'ebetso ho lihakisi tse e lumellang, mohlala ntho ea hoqetela eo ke e entseng e ne e le REST API ho Python / Botlolo e bokellang ho kena le ho kena ha basebelisi ba sebaka sa ka sa marang-rang (setaele sa mor'abo rona e moholo, ho tseba ntho e ngoe le e ngoe), hobane ha ba nahane hore na ke beha mehala ea hokae ho tsebisa api? Ee, ka PAM.

Araba ho dhunter
federico a re
e etsa lilemo tse 5

Ke leboha HO2GI ka tlhahlobo ea poso.
Dhunter: Kea u lumelisa hape. Joalo ka mehla o etsa lintho tse khahlisang haholo. Ha ho na letho, molaetsa ona ke e 'ngoe ea tseo ke li thathamisang "ho bula likelello."

Araba ho federico