Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo
Molweni zihlobo nabahlobo!
Ngale nqaku sizimisele ukubonelela ngesishwankathelo kwisihloko sokuNgqinisisa WFP. Sisebenzise ukusebenzisa i-Workstation yethu kunye nenkqubo yokusebenza ye-Linux / UNIX yonke imihla kwaye kunqabile ukuba sime sifunde ukuba inkqubo yokuqinisekisa yenzeka njani ngalo lonke ixesha siqala iseshoni. Ngaba siyabazi ubukho boovimba / njl / njl, kwaye / njl / isithunzi ezenza iziko ledatha eliphambili lokuNgqinisisa iziQinisekiso zabasebenzisi bendawo. Siyathemba ukuba emva kokufunda le posi uya kuba- ubuncinci- umbono ocacileyo wendlela iPAM isebenza ngayo.
Uqinisekiso
Ukuqinisekiswa-kwenjongo ebonakalayo-yindlela umsebenzisi aqinisekiswa ngayo ngokuchasene nenkqubo. Inkqubo yokuqinisekisa ifuna ubukho beseti yesazisi kunye neenkcukacha ezisemthethweni- igama lomsebenzisi kunye negama eligqithisiweyo- ezithelekiswa nolwazi olugcinwe kwindawo yogcino lwedatha. Ukuba iziqinisekiso ezibonisiweyo ziyafana nezo zigcinwe kwaye iakhawunti yomsebenzisi iyasebenza, umsebenzisi kuthiwa unjalo eyiyo uphumelele ngempumelelo okanye ngempumelelo ungqinisiso.
Nje ukuba umsebenzisi aqinisekiswe, olo lwazi ludluliselwa kwifayile ye- inkonzo yolawulo lofikelelo Ukufumanisa ukuba yintoni umsebenzisi anokuyenza kwinkqubo kwaye zeziphi izibonelelo abanazo ngenxa ugunyaziso ukufikelela kuzo.
Ulwazi lokuqinisekisa ukuba umsebenzisi unokugcinwa kwindawo yogcino lwedatha kwisistim, okanye inkqubo yendawo inokubhekisa kwindawo esele ikho kwinkqubo ekude, enje nge-LDAP, Kerberos, NIS database, njalo njalo.
Uninzi lweenkqubo zokusebenza ze-UNIX® / Linux zinezixhobo eziyimfuneko zokumisela umxhasi / inkonzo yokuqinisekiswa kweseva kweyona ntlobo zixhaphakileyo zolwazi. Ezinye zezi nkqubo zinezixhobo ezibonakalayo ezibonakalayo ezinje ngeRed Hat / CentOS, SUSE / openSUSE, nolunye usasazo.
I-PAM: Imodyuli yoQinisekiso yokuQinisekiswa
Los Iimodyuli ezifakwe ukuze zingqinisiswe Sizisebenzisa yonke imihla xa singena kwiDesktop yethu ngenkqubo yokusebenza esekwe kwiLinux / UNIX, nakwezinye iimeko ezininzi xa sifikelela kwiinkonzo zasekhaya okanye ezikude ezinemodyuli ethile ye-PAM ifakiwe yokuqinisekisa ngokuchasene nenkonzo.
Uluvo olusebenzayo lokuba iimodyuli ze-PAM ezifakiwe zinokufunyanwa ngokulandelelana kukarhulumente ungqinisiso en Iqela leDebian kunye en enye ene-CentOS esiya kuphuhlisa ngokulandelayo.
Debian
Uxwebhu
Ukuba sifaka iphakheji I-libpam-doc Siza kuba namaxwebhu amahle kakhulu akwisikhombisi / usr / share / doc / libpam-doc / html.
ingcambu @ linuxbox: ~ # ukufaneleka ukufaka libpam-doc ingcambu @ linuxbox: ~ # ls -l / usr / share / doc / libpam-doc /
Kukho namaxwebhu amaninzi kwi-PAM kwimikhombandlela:
ingcambu @ linuxbox: ~ # ls -l / usr / share / doc / | grep pam drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 11 libpam0g drwxr-xr-x 4 ingcambu 4096 Apr 7 16:31 libpam-doc drwxr-xr-x 2 ingcambu 4096 Apr 5 21:30 libpam-gnome- I-keyring drwxr-xr-x 3 ingcambu yeengcambu 4096 Apr 5 21: 11 libpam-modyuli drwxr-xr-x 2 ingcambu 4096 Apr 5 21:11 libpam-iimodyuli-bin drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 11 libpam-runtime drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 26 libpam-systemd drwxr-xr-x 3 ingcambu 4096 Apr 5 21:31 python-pam
Siyakholelwa ukuba ngaphambi kokukhangela amaxwebhu kwi-Intanethi, kufuneka siphinde siqwalasele leyo sele ifakiwe okanye leyo sinokuyifaka ngqo kwiipropathi zenkqubo ezikhoyo zento ethile kwaye amaxesha amaninzi sizikopisha kwi-hard drive yethu. Umzekelo woku kulandelayo:
ingcambu @ linuxbox: ~ # ngaphantsi / usr / share / doc / libpam-gnome-keyring / README Isitshixo se-gnome yinkqubo egcina iphasiwedi kunye nezinye iimfihlo zabasebenzisi. Iqhutywa njenge daemon kwiseshoni, efanayo kwi-ssh-arhente, kunye nolunye usetyenziso ukuyifumana ngoguquguquko lwendalo okanye i-D-Bus. Inkqubo inokulawula ii-keyrings ezininzi, nganye ine-password yayo eyintloko, kwaye kukho neseshini yamaqhosha angaze agcinwe kwidiski, kodwa ilibaleke xa iseshoni iphela. Ilayibrari ye-libgnome-keyring isetyenziswa zizicelo ukudibanisa nenkqubo yezitshixo ze-GNOME.
Oko kuguqulelwe ngokukhululekileyo kufuna ukuveza:
- Isitshixo se-gnome yinkqubo ephetheyo yokugcina iiphasiwedi kunye nezinye iimfihlo zabasebenzisi. Kwiseshoni nganye isebenza njenge-daemon, efanayo ne-ssh-arhente, kunye nezinye iinkqubo ezibekwe ngokwahluka kwendalo- okusingqongileyo okanye nge-D-Bus. Inkqubo inokuphatha ii-keyrings ezininzi, nganye ine-password yayo eyintloko. Kukho iseshoni yesitshixo engazange igcinwe kwidiski enzima kwaye ilibaleke xa iseshoni iphela. Izicelo zisebenzisa ilayibrari enesitshixo sokudibanisa ukudibanisa nenkqubo yezitshixo ze-GNOME.
I-Debian eneNkqubo yokuSebenza eSisiseko
Siqala kwikhompyuter apho sisandula ukufaka i-Debian 8 "Jessie" njengeNkqubo yokuSebenza kwaye ngexesha lenkqubo yofakelo sikhetha kuphela "Izinto ezisisiseko zenkqubo", ngaphandle kokumakisha enye indlela yokufaka imisebenzi- imisebenzi okanye iipakeji ezichazwe kwangaphambili njengeseva ye-OpenSSH. Ukuba emva kokuqala kweseshoni yokuqala siphumeza:
ingcambu @ inkosi: ~ # pam-auth-uhlaziyo
Siza kufumana iziphumo zilandelayo:
Isibonisa ukuba kuphela kweModyuli yePAM esetyenzisiweyo ukuza kuthi ga ngelo xesha kukuqinisekiswa kwe-UNIX. Into eluncedo Uhlaziyo lwe-pam-Author Isivumela ukuba siqwalasele umgaqo-nkqubo ophakathi wokuqinisekisa kwinkqubo xa usebenzisa iiProfayili ezichazwe kwangaphambili ezinikezwe ziiModyuli zePAM. Ngolwazi oluthe kratya jonga indoda pam-umbhali-uhlaziyo.
Njengokuba singekayifaki iseva ye-OpenSSH, asizukuyifumana imodyuli yayo ye-PAM kulawulo /etc/pam.d/, eziya kuba neemodyuli ze-PAM kunye neeprofayili ezilayishwe kule mizuzu:
ingcambu @ inkosi: ~ # ls -l /etc/pam.d/ Iyonke i-76 -rw-r-r-- 1 ingcambu yeengcambu 235 Sep 30 2014 atd -rw-r - r-- 1 ingcambu yeengcambu 1208 Apr 6 22:06 i-akhawunti eqhelekileyo -rw-r-r-- 1 ingcambu yeengcambu 1221 Ngomhla we-6 ka-Ephreli 22: 06 eqhelekileyo-i-auth -rw-r-r-- 1 ingcambu yeengcambu 1440 Apr 6 22: 06 eqhelekileyo-iphasiwedi -rw-r-r-- 1 ingcambu yeengcambu 1156 Apr 6 22:06 iseshoni eqhelekileyo -rw -r-r-- 1 ingcambu yeengcambu 1154 Epreli 6 22: 06 eqhelekileyo-iseshoni-engasebenziyo -rw-r-r-- 1 ingcambu yeengcambu 606 Jun 11 2015 cron -rw-r - r - 1 ingcambu ingcambu 384 Nov 19 2014 chfn -rw-r-r-- 1 ingcambu ingcambu 92 Nov 19 2014 chpasswd -rw-r - r-- 1 ingcambu 581 Nov 19 2014 chsh -rw-r-- r-- 1 ingcambu 4756 Nov 19 2014 ungene -rw-r-r-- 1 ingcambu 92 Nov 19 2014 ezintsha -rw-r - r-- 1 ingcambu 520 Jan 6 2016 enye -rw-r- -r- 1 ingcambu ingcambu 92 Nov 19 2014 passwd - I-rw-r-r- 1 ingcambu yeengcambu 143 Mar 29 2015 runuser -rw-r-r-- 1 ingcambu yeengcambu 138 Mar 29 2015 runuser-l -rw -r - r-- 1 ingcambu 2257 Nov 19 2014 su - rw-r-r- 1 ingcambu yeengcambu 220 Sep 2 2016 systemd-user
Umzekelo, usebenzisa imodyuli yePAM /etc/pam.d/chfn inkqubo iqwalasela inkonzo shadow, ngelixa kugqityiwe /etc/pam.d/cron idemon ikhangelwe Cron. Ukufunda okungakumbi sinokufunda umxholo wefayile nganye efundisa kakhulu. Njengesampulu sinika ngezantsi umxholo wemodyuli /etc/pam.d/cron:
ingcambu @ inkosi: ~ # ngaphantsi /etc/pam.d/cron # Ifayile yoqwalaselo lwePAM yedemon yedemon @include eqhelekileyo-umbhali # Cwangcisa inkqubo ye-loginuid yenkqubo yeseshoni efunekayo pam_loginuid.so # Funda izinto eziguquguqukayo kokusingqongileyo kwiifayile ze-pam_env, / njl njl / kwindalo # kunye /etc/security/pam_env.conf. Iseshoni efunekayo pam_env.so # Ukongeza, funda inkqubo yeseshoni yolwazi efunekayo pam_env.so envfile = / etc / default / locale @include iakhawunti eqhelekileyo @include Iseshoni eqhelekileyo-engasebenziyo # Misela umda womsebenzisi, nceda uchaze umda kwimisebenzi yekron # ngokusebenzisa /etc/security/limits.conf yeseshoni efunekayo pam_limits.so
Ukulandelelana kweengxelo kwifayile nganye kubalulekile. Ngokubanzi, asikukhuthazi ukuguqula nayiphi na ngaphandle kokuba siyazi kakuhle into esiyenzayo.
I-Debian ene-OS esezantsi + i-OpenSSH
ingcambu @ master: ~ # ukufaneleka ukufaka umsebenzi-ssh-server Ezi phakheji zintsha zilandelayo ziya kufakelwa: opensh-server {a} openssh-sftp-server {a} task-ssh-server
Siza kuqinisekisa ukuba imodyuli yePAM yongezwa kwaye yaqwalaselwa ngokuchanekileyo ssh:
ingcambu @ inkosi: ~ # ls -l /etc/pam.d/sshd -rw-r-r- 1 ingcambu yeengcambu 2133 Jul 22 2016 /etc/pam.d/sshd
Ukuba sifuna ukwazi umxholo wale profayile:
ingcambu @ inkosi: ~ # ngaphantsi /etc/pam.d/sshd
Ngamanye amagama, xa sizama ukuqala iseshoni ekude kwenye ikhompyutha sisebenzisa ssh, ububhali kwi khomputha yalapha yenziwa kwimodyuli yePAM ssh ikakhulu, ngaphandle kokulibala olunye ugunyaziso kunye nemiba yezokhuseleko ebandakanyeka kwinkonzo ye-ssh ngolu hlobo.
Ngendlela, songeza ukuba eyona fayile yoqwalaselo yale nkonzo yile / njll / ssh / sshd_config, Kwaye ubuncinci kwi-Debian ifakwe ngokungagqibekanga ngaphandle kokuvumela ukungena ngemvume komsebenzisi Ingcambu. Ukuyivumela, kufuneka sitshintshe ifayile / njll / ssh / sshd_config kwaye utshintshe umgca:
I-PermitRootLogin ngaphandle kwephasiwedi
yi
ImvumeRootLogin ewe
emva koko uqalise kwakhona kwaye ujonge imeko yenkonzo ngu:
ingcambu @ master: ~ # systemctl qala kwakhona ssh ingcambu @ master: ~ # systemctl ubume ssh
Debian kunye ne-LXDE desktop
Siyaqhubeka neqela elinye-sitshintsha igama labo okanye igama lomkhosi ngu "ibhokisi ye-linux»Ukusetyenziswa kwexesha elizayo apho sigqibe ukufaka i-LXDE Desktop. Masibaleke Uhlaziyo lwe-pam-Author kwaye siya kufumana iziphumo zilandelayo:
Inkqubo sele inike amandla zonke iiProfayili -Modyuli- eziyimfuneko ukuze zingqinwe ngokuchanekileyo ngexesha lofakelo lwe-LXDE desktop, ezi zilandelayo:
- Imodyuli yokuNgqinisisa ye-UNIX.
- Imodyuli erekhoda iiseshoni zomsebenzisi kwiQela loLawulo lweHerarchical le inkqubo.
- Imodyuli yeDemon yeDemon
- Sithatha eli thuba ukucebisa ukuba kuzo zonke iimeko, xa siceliwe "Iiprofayili zePAM ukwenza ukuba sikwazi", sikhetha ukhetho Ngaphandle kokuba siyazi kakuhle into esiyenzayo. Ukuba sitshintsha utshintsho lwe-PAM olwenziwe ngokuzenzekelayo yiNkqubo yokuSebenza ngokwayo, sinokukhubaza ngokulula ukungena kwikhompyuter.
Kule meko ingentla sithetha ngayo Ubungqina Bendawo okanye Ubungqina ngokuchasene nekhompyuter yendawo njengoko isenzeka xa siqala iseshoni ekude nge ssh.
Ukuba sisebenzisa indlela ye Ukuqinisekiswa kokude kwiqela lendawo Kubasebenzisi abaneziqinisekiso zabo ezigcinwe kwiseva ye-OpenLDAP ekude okanye kwi-Active Directory, inkqubo iya kuthathela ingqalelo indlela entsha yokuqinisekisa kwaye iya kongeza iimodyuli ze-PAM eziyimfuneko.
Iifayile eziphambili
- / njl / njlUlwazi lweAkhawunti yoMsebenzisi
- / njl / isithunziUlwazi oluKhuselekileyo lweAkhawunti zomsebenzisi
- /etc/pam.confIfayile ekufuneka isetyenzisiwe kuphela ukuba isikhombisi asikho /etc/pam.d/
- /etc/pam.d/Isalathiso apho iinkqubo kunye neenkonzo zifaka khona iimodyuli zePAM
- /etc/pam.d/passwdUqwalaselo lwePAM passwd.
- /etc/pam.d/eqhelekileyo-akhawuntiImida yokugunyazisa eqhelekileyo kuzo zonke iinkonzo
- /etc/pam.d/indlela eziqhelekileyo-authUkuqinisekiswa kweeparamitha eziqhelekileyo kuzo zonke iinkonzo
- /etc/pam.d/gama eliqhelekileyo-Iimodyuli zePAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neephasiwedi- password
- /etc/pam.d/indlela eqhelekileyoIimodyuli zePAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neeseshoni zomsebenzisi
- /etc/pam.d/common-session- engasebenziyoIimodyuli ze-PAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neeseshoni ezingadibaniyo okanye ezingadingi ungenelelo lomsebenzisi, ezinje ngemisebenzi eyenziwa ekuqaleni nasekupheleni kweeseshoni ezingadibaniyo.
- / usr / share / doc / passwd /Isikhokelo samaxwebhu.
Sincoma ukuba sifunde amaphepha encwadi ye- passwd y isithunzi mediante Ukupasa komntu y isithunzi somntu. Kusempilweni nokufunda imixholo yeefayile iakhawunti eqhelekileyo, i-auth eqhelekileyo, ukubhala-okuqhelekileyo, iseshoni eqhelekileyo y iseshoni eqhelekileyo-engasebenziyo.
Iimodyuli zePAM ziyafumaneka
Ukufumana umbono weemodyuli zePAM ezikhoyo kuqala Kwindawo yokugcina esemgangathweni yaseDebian, sibaleka:
buzz @ linuxbox: ~ $ aptitude ukukhangela libpam
Uluhlu lude kwaye siza kubonisa kuphela iimodyuli ezibonisa ukuba banzi kangakanani:
libpam-afs-session - PAM module to set up a PAG and obtain AFS tokens libpam-alreadyloggedin - PAM module to skip password authentication for logged users libpam-apparmor - changehat AppArmor library as a PAM module libpam-barada - PAM module to provide two-factor authentication based on HOTP libpam-blue - PAM module for local authenticaction with bluetooth devices libpam-ca - POSIX 1003.1e capabilities (PAM module) libpam-ccreds - Pam module to cache authentication credentials libpam-cgrou - control and monitor control groups (PAM) libpam-chroot - Chroot Pluggable Authentication Module for PAM libpam-ck-connector - ConsoleKit PAM module libpam-cracklib - PAM module to enable cracklib support libpam-dbus - A PAM module which asks the logged in user for confirmation libpam-duo - PAM module for Duo Security two-factor authentication libpam-dynalogin - two-factor HOTP/TOTP authentication - implementation libs libpam-encfs - PAM module to automatically mount encfs filesystems on login libpam-fprintd - PAM module for fingerprint authentication trough fprintd libpam-geo - PAM module checking access of source IPs with a GeoIP database libpam-gnome-keyring - PAM module to unlock the GNOME keyring upon login libpam-google-authenticator - Two-step verification libpam-heimdal - PAM module for Heimdal Kerberos libpam-krb5 - PAM module for MIT Kerberos libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos libpam-lda - Pluggable Authentication Module for LDA libpam-ldapd - PAM module for using LDAP as an authentication service libpam-mkhomedir - libpam-mklocaluser - Configure PAM to create a local user if it do not exist already libpam-modules - Pluggable Authentication Modules for PAM libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries libpam-mount - PAM module that can mount volumes for a user session libpam-mysql - PAM module allowing authentication from a MySQL server libpam-nufw - The authenticating firewall [PAM module] libpam-oath - OATH Toolkit libpam_oath PAM module libpam-ocaml - OCaml bindings for the PAM library (runtime) libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module libpam-otpw - Use OTPW for PAM authentication libpam-p11 - PAM module for using PKCS#11 smart cards libpam-passwdqc - PAM module for password strength policy enforcement libpam-pgsql - PAM module to authenticate using a PostgreSQL database libpam-pkcs11 - Fully featured PAM module for using PKCS#11 smart cards libpam-pold - PAM module allowing authentication using a OpenPGP smartcard libpam-pwdfile - PAM module allowing authentication via an /etc/passwd-like file libpam-pwquality - PAM module to check password strength libpam-python - Enables PAM modules to be written in Python libpam-python-doc - Documentation for the bindings provided by libpam-python libpam-radius-auth - The PAM RADIUS authentication module libpam-runtime - Runtime support for the PAM library libpam-script - PAM module which allows executing a script libpam-shield - locks out remote attackers trying password guessing libpam-shish - PAM module for Shishi Kerberos v5 libpam-slurm - PAM module to authenticate using the SLURM resource manager libpam-smbpass - pluggable authentication module for Samba libpam-snapper - PAM module for Linux filesystem snapshot management tool libpam-ssh - Authenticate using SSH keys libpam-sshauth - authenticate using an SSH server libpam-sss - Pam module for the System Security Services Daemon libpam-systemd - system and service manager - PAM module libpam-tacplus - PAM module for using TACACS+ as an authentication service libpam-tmpdir - automatic per-user temporary directories libpam-usb - PAM module for authentication with removable USB block devices libpam-winbind - Windows domain authentication integration plugin libpam-yubico - two-factor password and YubiKey OTP PAM module libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM libpam4j-java - Java binding for libpam.so libpam4j-java-doc - Documentation for Java binding for libpam.so
Zenzele ezakho izigqibo.
CentOS
Ukuba ngexesha lenkqubo yofako sikhetha ukhetho «Iseva ene-GUI«, Siza kufumana iqonga elilungileyo lokuphumeza iinkonzo ezahlukeneyo zenethiwekhi ye-SME. Ngokungafaniyo ne-Debian, i-CentOS / Red Hat® ibonelela ngothotho lweconsole kunye nezixhobo zemizobo ezenza ubomi bube lula kwiNkqubo okanye kuMlawuli weNethiwekhi.
Uxwebhu
Kufakelwe ngokungagqibekanga, siyifumana kulawulo:
[(Imeyile ikhuselwe) ~] # ls -l / usr/share/doc/pam-1.1.8/ Iyonke i-256 -rw-r-r--. Ingcambu ye-1 ingcambu 2045 Jun 18 2013 Ilungelo lokushicilela drwxr-xr-x. 2 ingcambu 4096 Apr 9 06:28 html -rw-r-r--. Ingcambu ye1 ingcambu 175382 Nov 5 19:13 Linux-PAM_SAG.txt -rw-r-r--. Ingcambu ye-1 ingcambu 67948 Jun 18 2013 rfc86.0.txt drwxr-xr-x. 2 ingcambu 4096 Apr 9 06:28 txts
[(Imeyile ikhuselwe) ~] # ls / usr/share/doc/pam-1.1.8/txts/ README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit README. pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail README .pam_rhosts README.pam_tally README.pam_warn README.pam_echo README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel README .pam
Ewe, sikwabiza iqela leCentOS "linuxbox" njengeDebian, eya kuthi isisebenzele amanqaku azayo kwiiNethiwekhi zeSMB.
CentOS nge-GNOME3 GUI
Xa sikhetha ngexesha lofakelo ukhetho «Iseva ene-GUI«, I-GNOME3 Desktop kunye nezinye izixhobo kunye neenkqubo ezisisiseko zifakelwe ukuphuhlisa iseva. Kwinqanaba lekhonsoli, ukwazi ubume bokuqinisekisa esisiphumezayo:
[(Imeyile ikhuselwe) ~] # authconfig-tui
Sijonga ukuba ziimodyuli ze-PAM kuphela eziyimfuneko kulungelelwaniso lweseva lwangoku, nokuba imodyuli yokufunda iminwe, inkqubo yokuqinisekisa esiyifumana kwiimodeli ezithile zeLaptops.
I-CentOS ene-GNOME3 GUI ijoyine kwiMicrosoft Active Directory
Njengoko sibona, iimodyuli eziyimfuneko zongezwa kwaye zenziwa zasebenza-Winbind-ukungqinisisa ngokuchasene nesikhombisi esisebenzayo, ngelixa sikhubaza ngabom imodyuli yokufunda iminwe, kuba ayimfuneko.
Kwinqaku elizayo siza kugubungela ngokweenkcukacha indlela yokujoyina iklayenti le-CentOS 7 kwi-Microsoft Active Directory. Silindele kuphela ukuba ngesixhobo Umbhali wefonti-gtk Ukufakwa kweephakeji eziyimfuneko, ukucwangciswa kwendalo ezenzekelayo yeefayile zabasebenzisi besizinda abagunyazisa ekuhlaleni, kunye nenkqubo ngokwayo yokujoyina umxhasi kuDomain woLawulo oluSebenzayo luzenzekelayo. Mhlawumbi emva komanyano, kuya kuba yimfuneko ukuqala kwakhona ikhompyuter.
Iifayile eziphambili
Iifayile ezinxulumene nokuqinisekiswa kwe-CentOS zikwikhowudi /etc/pam.d/:
[(Imeyile ikhuselwe) ~] # ls /etc/pam.d/ atd liveinst smartcard-auth-ac authconfig login smtp authconfig-gtk other smtp.postfix authconfig-tui passwd sshd config-use password-auth su crond password-auth-ac sudo iikomityi pluto sudo-i chfn polkit-1 su-l chsh postlogin Inkqubo-yesicelo somnwe we-asuth postlogin-ac system-auth-ac fingerprint-auth-ac ppp system-config-authentication gdm-autologin remote systemd-user gdm-fingerprint runuser vlock gdm-launch-environment runuser-l vmtoolsd gdm-password samba xserver gdm-pin ukuseta gdm-smartcard smartcard-umbhali
Iimodyuli zePAM ziyafumaneka
Sinezinto zokugcina isiseko, i-centosplus, i-epel, y uhlaziyo. Kuzo sifumana phakathi kwabanye- ezi modyuli zilandelayo zisebenzisa imiyalelo yum khangela pam-, yum khangela pam_, kwaye yum khangela libpam:
I-nss-pam-ldapd.i686: Imodyuli ye-nsswitch esebenzisa iiseva zomkhombandlela nss-pam-ldapd.x86_64: Imodyuli ye-nsswitch esebenzisa iiseva zomkhombandlela ovirt-guest-agent-pam-module.x86_64: Imodyuli ye-PAM ye-oVirt Guest Agent pam -kwallet. .x86_64: Imodyuli yePAM yokuqinisekisa ukungena kwe-plug kwi-OATH pam_pkcs86.i64: PKCS # 5 / NSS PAM module yokungena pam_pkcs686.x5_5: PKCS # 86 / NSS PAM module yokungena pam_radius.x64_5: Imodyuli yePAM yeRadiUS Authentication_mMScript. Imodyuli yokwenza izikripthi pam_snapper.i86: Imodyuli yePAM yokubiza snapper pam_snapper.x64_86: Imodyuli ye-PAM yokubiza snapper pam_ssh.x64_11: Imodyuli yePAM yokusetyenziswa nezitshixo ze-SSH kunye ne-ssh-arhente pam_ssh_agent_686 11: Imodyuli ye-PAM yokuqinisekisa nge-ssh-arhente pam_ssh_agent_auth.x11_86: Imodyuli yePAM yokuqinisekisa nge-ssh-arhente pam_url.x64_11: Imodyuli yePAM yokuqinisekisa ngeeseva ze-HTTP pam_wrapper.x86_64: Isixhobo sokuvavanya usetyenziso lwePAM kunye neemodyuli zePAM pam_yubico.x86_64: Imodyuli yokuQinisekiswa okuQinisekayo ye-yubikeys libpamtest-doc.x686_86: Amaxwebhu e-libpamtest API python-libpamtest.x64_86: Isisongeli se-python se-libpamtest libpamtest.x64_686: Isixhobo sokuvavanya usetyenziso lwe-PAM kunye neemodyuli ze-PAM. Izicelo zePAM kunye neemodyuli zePAM
Isishwankathelo
Kubalulekile ukuba nolwazi oluncinci malunga ne-PAM ukuba sifuna ukuqonda ngendlela ngokubanzi ukuba ungqinisiso lwenziwa njani ngalo lonke ixesha singena kwikhompyuter yethu yeLinux / UNIX. Kukwabalulekile ukuba sazi ukuba kuphela kukuQinisekiswa kweNgingqi esinokuthi sinikeze iinkonzo kwezinye iikhompyuter kwinethiwekhi encinci ye-SME enje nge Proxy, Imeyile, FTP, njl., Zonke zigxile kwiseva enye. Zonke iinkonzo zangaphambili -ninzi ngakumbi njengoko besibonile ngaphambili- banemodyuli yePAM.
Imithombo kudityenwe nayo
- Iincwadi zemiyalelo - amaphepha omntu.
- UqinisekisoIphepha le-Wikipedia ngeSpanish
- Iimodyuli zokuNgqinisisa eziXineneyo
- I-Red_Hat_Enterprise_Linux-6-Ukuhambisa_Isikhokelo-se-US
Inguqulelo yePDF
Khuphela uguqulelo lwePDF apha.
Kude kube kwinqaku elilandelayo!
Umbhali: UFederico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico
Inqaku elineenkcukacha kakhulu malunga nokuqinisekiswa kusetyenziswa i-PAM, ndiyavuma ukuba bendingazi ngokweenkcukacha ukusebenza kokungqinisisa kunye nezicelo ezingapheliyo kunye nezikhuselekileyo esinokukunika zona. Eli linqaku elihle elikuvumela ukuba ubenombono wobungakanani bokuqinisekiswa kwePAM, ezinokuthi zibe neenjongo ezininzi kwii-SMEs.
Elinye lamagalelo akho amakhulu, enkosi kakhulu ngezinto ezintle zeFico Material
Enkosi ngezimvo zakho, Luigys othandekayo. Injongo yenqaku kukuvula iingqondo zabafundi ngokubhekisele kwi-PAM kunye neemodyuli zayo. Ndicinga ukuba iposti iyaphumelela.
Ngendlela endikwazisa ngayo ukuba amagqabantshintshi awafikeleli kum ngeposi.
hehehe, ndilibele ukubhala idilesi yam ye-imeyile kwingxelo yangaphambili. Kungenxa yoko le nto engaziwayo engaziwayo. 😉
Inqaku elihle, njengesiqhelo.
Ufundise kakhulu uFederico, kuye kwafuneka ndijongane ne-PAM ngaphezulu kwesihlandlo esinye kwaye ndiyayithanda uyilo, kuluncedo kakhulu ukukwazi ukufaka ukusebenza kwiihuku ezivumelayo, umzekelo into yokugqibela endiyenzileyo yayiyi-REST API kwiPython / Flask eqokelela ukungena kunye nokungena kwabasebenzisi besizinda sam (isitayile esikhulu somzalwana, ukwazi yonke into), kuba abaqondi ukuba ndibeka phi iminxeba yokugoba ukwazisa i-api? Ewe ewe, kunye nePAM.
Enkosi HO2GI ngovavanyo lwesithuba.
Dhunter: Ndiyabulisa kwakhona. Njengesiqhelo wenza izinto ezinomdla kakhulu. Akukho nto, esi sithuba sesinye sezo ndikhathalogu "ukuvula iingqondo."