Ukuqinisekiswa kwePAM-Iinethiwekhi zeSME

Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo

Molweni zihlobo nabahlobo!

Ngale nqaku sizimisele ukubonelela ngesishwankathelo kwisihloko sokuNgqinisisa WFP. Sisebenzise ukusebenzisa i-Workstation yethu kunye nenkqubo yokusebenza ye-Linux / UNIX yonke imihla kwaye kunqabile ukuba sime sifunde ukuba inkqubo yokuqinisekisa yenzeka njani ngalo lonke ixesha siqala iseshoni. Ngaba siyabazi ubukho boovimba / njl / njl, kwaye / njl / isithunzi ezenza iziko ledatha eliphambili lokuNgqinisisa iziQinisekiso zabasebenzisi bendawo. Siyathemba ukuba emva kokufunda le posi uya kuba- ubuncinci- umbono ocacileyo wendlela iPAM isebenza ngayo.

Uqinisekiso

Ukuqinisekiswa-kwenjongo ebonakalayo-yindlela umsebenzisi aqinisekiswa ngayo ngokuchasene nenkqubo. Inkqubo yokuqinisekisa ifuna ubukho beseti yesazisi kunye neenkcukacha ezisemthethweni- igama lomsebenzisi kunye negama eligqithisiweyo- ezithelekiswa nolwazi olugcinwe kwindawo yogcino lwedatha. Ukuba iziqinisekiso ezibonisiweyo ziyafana nezo zigcinwe kwaye iakhawunti yomsebenzisi iyasebenza, umsebenzisi kuthiwa unjalo eyiyo uphumelele ngempumelelo okanye ngempumelelo ungqinisiso.

Nje ukuba umsebenzisi aqinisekiswe, olo lwazi ludluliselwa kwifayile ye- inkonzo yolawulo lofikelelo Ukufumanisa ukuba yintoni umsebenzisi anokuyenza kwinkqubo kwaye zeziphi izibonelelo abanazo ngenxa ugunyaziso ukufikelela kuzo.

Ulwazi lokuqinisekisa ukuba umsebenzisi unokugcinwa kwindawo yogcino lwedatha kwisistim, okanye inkqubo yendawo inokubhekisa kwindawo esele ikho kwinkqubo ekude, enje nge-LDAP, Kerberos, NIS database, njalo njalo.

Uninzi lweenkqubo zokusebenza ze-UNIX® / Linux zinezixhobo eziyimfuneko zokumisela umxhasi / inkonzo yokuqinisekiswa kweseva kweyona ntlobo zixhaphakileyo zolwazi. Ezinye zezi nkqubo zinezixhobo ezibonakalayo ezibonakalayo ezinje ngeRed Hat / CentOS, SUSE / openSUSE, nolunye usasazo.

I-PAM: Imodyuli yoQinisekiso yokuQinisekiswa

Los Iimodyuli ezifakwe ukuze zingqinisiswe Sizisebenzisa yonke imihla xa singena kwiDesktop yethu ngenkqubo yokusebenza esekwe kwiLinux / UNIX, nakwezinye iimeko ezininzi xa sifikelela kwiinkonzo zasekhaya okanye ezikude ezinemodyuli ethile ye-PAM ifakiwe yokuqinisekisa ngokuchasene nenkonzo.

Uluvo olusebenzayo lokuba iimodyuli ze-PAM ezifakiwe zinokufunyanwa ngokulandelelana kukarhulumente ungqinisiso en Iqela leDebian kunye en enye ene-CentOS esiya kuphuhlisa ngokulandelayo.

Debian

Uxwebhu

Ukuba sifaka iphakheji I-libpam-doc Siza kuba namaxwebhu amahle kakhulu akwisikhombisi / usr / share / doc / libpam-doc / html.

ingcambu @ linuxbox: ~ # ukufaneleka ukufaka libpam-doc
ingcambu @ linuxbox: ~ # ls -l / usr / share / doc / libpam-doc /

Kukho namaxwebhu amaninzi kwi-PAM kwimikhombandlela:

ingcambu @ linuxbox: ~ # ls -l / usr / share / doc / | grep pam
drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 11 libpam0g drwxr-xr-x 4 ingcambu 4096 Apr 7 16:31 libpam-doc drwxr-xr-x 2 ingcambu 4096 Apr 5 21:30 libpam-gnome- I-keyring drwxr-xr-x 3 ingcambu yeengcambu 4096 Apr 5 21: 11 libpam-modyuli drwxr-xr-x 2 ingcambu 4096 Apr 5 21:11 libpam-iimodyuli-bin drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 11 libpam-runtime drwxr-xr-x 2 ingcambu 4096 Apr 5 21: 26 libpam-systemd drwxr-xr-x 3 ingcambu 4096 Apr 5 21:31 python-pam

Siyakholelwa ukuba ngaphambi kokukhangela amaxwebhu kwi-Intanethi, kufuneka siphinde siqwalasele leyo sele ifakiwe okanye leyo sinokuyifaka ngqo kwiipropathi zenkqubo ezikhoyo zento ethile kwaye amaxesha amaninzi sizikopisha kwi-hard drive yethu. Umzekelo woku kulandelayo:

ingcambu @ linuxbox: ~ # ngaphantsi / usr / share / doc / libpam-gnome-keyring / README
Isitshixo se-gnome yinkqubo egcina iphasiwedi kunye nezinye iimfihlo zabasebenzisi. Iqhutywa njenge daemon kwiseshoni, efanayo kwi-ssh-arhente, kunye nolunye usetyenziso ukuyifumana ngoguquguquko lwendalo okanye i-D-Bus. Inkqubo inokulawula ii-keyrings ezininzi, nganye ine-password yayo eyintloko, kwaye kukho neseshini yamaqhosha angaze agcinwe kwidiski, kodwa ilibaleke xa iseshoni iphela. Ilayibrari ye-libgnome-keyring isetyenziswa zizicelo ukudibanisa nenkqubo yezitshixo ze-GNOME.

Oko kuguqulelwe ngokukhululekileyo kufuna ukuveza:

• Isitshixo se-gnome yinkqubo ephetheyo yokugcina iiphasiwedi kunye nezinye iimfihlo zabasebenzisi. Kwiseshoni nganye isebenza njenge-daemon, efanayo ne-ssh-arhente, kunye nezinye iinkqubo ezibekwe ngokwahluka kwendalo- okusingqongileyo okanye nge-D-Bus. Inkqubo inokuphatha ii-keyrings ezininzi, nganye ine-password yayo eyintloko. Kukho iseshoni yesitshixo engazange igcinwe kwidiski enzima kwaye ilibaleke xa iseshoni iphela. Izicelo zisebenzisa ilayibrari enesitshixo sokudibanisa ukudibanisa nenkqubo yezitshixo ze-GNOME.

I-Debian eneNkqubo yokuSebenza eSisiseko

Siqala kwikhompyuter apho sisandula ukufaka i-Debian 8 "Jessie" njengeNkqubo yokuSebenza kwaye ngexesha lenkqubo yofakelo sikhetha kuphela "Izinto ezisisiseko zenkqubo", ngaphandle kokumakisha enye indlela yokufaka imisebenzi- imisebenzi okanye iipakeji ezichazwe kwangaphambili njengeseva ye-OpenSSH. Ukuba emva kokuqala kweseshoni yokuqala siphumeza:

ingcambu @ inkosi: ~ # pam-auth-uhlaziyo

Siza kufumana iziphumo zilandelayo:

Isibonisa ukuba kuphela kweModyuli yePAM esetyenzisiweyo ukuza kuthi ga ngelo xesha kukuqinisekiswa kwe-UNIX. Into eluncedo Uhlaziyo lwe-pam-Author Isivumela ukuba siqwalasele umgaqo-nkqubo ophakathi wokuqinisekisa kwinkqubo xa usebenzisa iiProfayili ezichazwe kwangaphambili ezinikezwe ziiModyuli zePAM. Ngolwazi oluthe kratya jonga indoda pam-umbhali-uhlaziyo.

Njengokuba singekayifaki iseva ye-OpenSSH, asizukuyifumana imodyuli yayo ye-PAM kulawulo /etc/pam.d/, eziya kuba neemodyuli ze-PAM kunye neeprofayili ezilayishwe kule mizuzu:

ingcambu @ inkosi: ~ # ls -l /etc/pam.d/
Iyonke i-76 -rw-r-r-- 1 ingcambu yeengcambu 235 Sep 30 2014 atd -rw-r - r-- 1 ingcambu yeengcambu 1208 Apr 6 22:06 i-akhawunti eqhelekileyo -rw-r-r-- 1 ingcambu yeengcambu 1221 Ngomhla we-6 ka-Ephreli 22: 06 eqhelekileyo-i-auth -rw-r-r-- 1 ingcambu yeengcambu 1440 Apr 6 22: 06 eqhelekileyo-iphasiwedi -rw-r-r-- 1 ingcambu yeengcambu 1156 Apr 6 22:06 iseshoni eqhelekileyo -rw -r-r-- 1 ingcambu yeengcambu 1154 Epreli 6 22: 06 eqhelekileyo-iseshoni-engasebenziyo -rw-r-r-- 1 ingcambu yeengcambu 606 Jun 11 2015 cron -rw-r - r - 1 ingcambu ingcambu 384 Nov 19 2014 chfn -rw-r-r-- 1 ingcambu ingcambu 92 Nov 19 2014 chpasswd -rw-r - r-- 1 ingcambu 581 Nov 19 2014 chsh -rw-r-- r-- 1 ingcambu 4756 Nov 19 2014 ungene -rw-r-r-- 1 ingcambu 92 Nov 19 2014 ezintsha -rw-r - r-- 1 ingcambu 520 Jan 6 2016 enye -rw-r- -r- 1 ingcambu ingcambu 92 Nov 19 2014 passwd - I-rw-r-r- 1 ingcambu yeengcambu 143 Mar 29 2015 runuser -rw-r-r-- 1 ingcambu yeengcambu 138 Mar 29 2015 runuser-l -rw -r - r-- 1 ingcambu 2257 Nov 19 2014 su - rw-r-r- 1 ingcambu yeengcambu 220 Sep 2 2016 systemd-user

Umzekelo, usebenzisa imodyuli yePAM /etc/pam.d/chfn inkqubo iqwalasela inkonzo shadow, ngelixa kugqityiwe /etc/pam.d/cron idemon ikhangelwe Cron. Ukufunda okungakumbi sinokufunda umxholo wefayile nganye efundisa kakhulu. Njengesampulu sinika ngezantsi umxholo wemodyuli /etc/pam.d/cron:

ingcambu @ inkosi: ~ # ngaphantsi /etc/pam.d/cron
# Ifayile yoqwalaselo lwePAM yedemon yedemon

@include eqhelekileyo-umbhali

# Cwangcisa inkqubo ye-loginuid yenkqubo yeseshoni efunekayo pam_loginuid.so # Funda izinto eziguquguqukayo kokusingqongileyo kwiifayile ze-pam_env, / njl njl / kwindalo # kunye /etc/security/pam_env.conf. Iseshoni efunekayo pam_env.so # Ukongeza, funda inkqubo yeseshoni yolwazi efunekayo pam_env.so envfile = / etc / default / locale

@include iakhawunti eqhelekileyo
@include Iseshoni eqhelekileyo-engasebenziyo 

# Misela umda womsebenzisi, nceda uchaze umda kwimisebenzi yekron # ngokusebenzisa /etc/security/limits.conf yeseshoni efunekayo pam_limits.so

Ukulandelelana kweengxelo kwifayile nganye kubalulekile. Ngokubanzi, asikukhuthazi ukuguqula nayiphi na ngaphandle kokuba siyazi kakuhle into esiyenzayo.

I-Debian ene-OS esezantsi + i-OpenSSH

ingcambu @ master: ~ # ukufaneleka ukufaka umsebenzi-ssh-server
Ezi phakheji zintsha zilandelayo ziya kufakelwa: opensh-server {a} openssh-sftp-server {a} task-ssh-server

Siza kuqinisekisa ukuba imodyuli yePAM yongezwa kwaye yaqwalaselwa ngokuchanekileyo ssh:

ingcambu @ inkosi: ~ # ls -l /etc/pam.d/sshd 
-rw-r-r- 1 ingcambu yeengcambu 2133 Jul 22 2016 /etc/pam.d/sshd

Ukuba sifuna ukwazi umxholo wale profayile:

ingcambu @ inkosi: ~ # ngaphantsi /etc/pam.d/sshd

Ngamanye amagama, xa sizama ukuqala iseshoni ekude kwenye ikhompyutha sisebenzisa ssh, ububhali kwi khomputha yalapha yenziwa kwimodyuli yePAM ssh ikakhulu, ngaphandle kokulibala olunye ugunyaziso kunye nemiba yezokhuseleko ebandakanyeka kwinkonzo ye-ssh ngolu hlobo.

Ngendlela, songeza ukuba eyona fayile yoqwalaselo yale nkonzo yile / njll / ssh / sshd_config, Kwaye ubuncinci kwi-Debian ifakwe ngokungagqibekanga ngaphandle kokuvumela ukungena ngemvume komsebenzisi Ingcambu. Ukuyivumela, kufuneka sitshintshe ifayile / njll / ssh / sshd_config kwaye utshintshe umgca:

I-PermitRootLogin ngaphandle kwephasiwedi

yi

ImvumeRootLogin ewe

emva koko uqalise kwakhona kwaye ujonge imeko yenkonzo ngu:

ingcambu @ master: ~ # systemctl qala kwakhona ssh
ingcambu @ master: ~ # systemctl ubume ssh

Debian kunye ne-LXDE desktop

Siyaqhubeka neqela elinye-sitshintsha igama labo okanye igama lomkhosi ngu "ibhokisi ye-linux»Ukusetyenziswa kwexesha elizayo apho sigqibe ukufaka i-LXDE Desktop. Masibaleke Uhlaziyo lwe-pam-Author kwaye siya kufumana iziphumo zilandelayo:

Inkqubo sele inike amandla zonke iiProfayili -Modyuli- eziyimfuneko ukuze zingqinwe ngokuchanekileyo ngexesha lofakelo lwe-LXDE desktop, ezi zilandelayo:

• Imodyuli yokuNgqinisisa ye-UNIX.
• Imodyuli erekhoda iiseshoni zomsebenzisi kwiQela loLawulo lweHerarchical le inkqubo.
• Imodyuli yeDemon yeDemon

• Sithatha eli thuba ukucebisa ukuba kuzo zonke iimeko, xa siceliwe "Iiprofayili zePAM ukwenza ukuba sikwazi", sikhetha ukhetho Ngaphandle kokuba siyazi kakuhle into esiyenzayo. Ukuba sitshintsha utshintsho lwe-PAM olwenziwe ngokuzenzekelayo yiNkqubo yokuSebenza ngokwayo, sinokukhubaza ngokulula ukungena kwikhompyuter.

Kule meko ingentla sithetha ngayo Ubungqina Bendawo okanye Ubungqina ngokuchasene nekhompyuter yendawo njengoko isenzeka xa siqala iseshoni ekude nge ssh.

Ukuba sisebenzisa indlela ye Ukuqinisekiswa kokude kwiqela lendawo Kubasebenzisi abaneziqinisekiso zabo ezigcinwe kwiseva ye-OpenLDAP ekude okanye kwi-Active Directory, inkqubo iya kuthathela ingqalelo indlela entsha yokuqinisekisa kwaye iya kongeza iimodyuli ze-PAM eziyimfuneko.

Iifayile eziphambili

• / njl / njlUlwazi lweAkhawunti yoMsebenzisi
• / njl / isithunziUlwazi oluKhuselekileyo lweAkhawunti zomsebenzisi
• /etc/pam.confIfayile ekufuneka isetyenzisiwe kuphela ukuba isikhombisi asikho /etc/pam.d/
• /etc/pam.d/Isalathiso apho iinkqubo kunye neenkonzo zifaka khona iimodyuli zePAM
• /etc/pam.d/passwdUqwalaselo lwePAM passwd.
• /etc/pam.d/eqhelekileyo-akhawuntiImida yokugunyazisa eqhelekileyo kuzo zonke iinkonzo
• /etc/pam.d/indlela eziqhelekileyo-authUkuqinisekiswa kweeparamitha eziqhelekileyo kuzo zonke iinkonzo
• /etc/pam.d/gama eliqhelekileyo-Iimodyuli zePAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neephasiwedi- password
• /etc/pam.d/indlela eqhelekileyoIimodyuli zePAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neeseshoni zomsebenzisi
• /etc/pam.d/common-session- engasebenziyoIimodyuli ze-PAM eziqhelekileyo kuzo zonke iinkonzo ezinxulumene neeseshoni ezingadibaniyo okanye ezingadingi ungenelelo lomsebenzisi, ezinje ngemisebenzi eyenziwa ekuqaleni nasekupheleni kweeseshoni ezingadibaniyo.
• / usr / share / doc / passwd /Isikhokelo samaxwebhu.

Sincoma ukuba sifunde amaphepha encwadi ye- passwd y isithunzi mediante Ukupasa komntu y isithunzi somntu. Kusempilweni nokufunda imixholo yeefayile iakhawunti eqhelekileyo, i-auth eqhelekileyo, ukubhala-okuqhelekileyo, iseshoni eqhelekileyo y iseshoni eqhelekileyo-engasebenziyo.

Iimodyuli zePAM ziyafumaneka

Ukufumana umbono weemodyuli zePAM ezikhoyo kuqala Kwindawo yokugcina esemgangathweni yaseDebian, sibaleka:

buzz @ linuxbox: ~ $ aptitude ukukhangela libpam

Uluhlu lude kwaye siza kubonisa kuphela iimodyuli ezibonisa ukuba banzi kangakanani:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-ca                   - POSIX 1003.1e capabilities (PAM module)                             
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgrou                - control and monitor control groups (PAM)                            
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-lda                  - Pluggable Authentication Module for LDA                         
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shish                - PAM module for Shishi Kerberos v5     
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Zenzele ezakho izigqibo.

CentOS

Ukuba ngexesha lenkqubo yofako sikhetha ukhetho «Iseva ene-GUI«, Siza kufumana iqonga elilungileyo lokuphumeza iinkonzo ezahlukeneyo zenethiwekhi ye-SME. Ngokungafaniyo ne-Debian, i-CentOS / Red Hat® ibonelela ngothotho lweconsole kunye nezixhobo zemizobo ezenza ubomi bube lula kwiNkqubo okanye kuMlawuli weNethiwekhi.

Uxwebhu

Kufakelwe ngokungagqibekanga, siyifumana kulawulo:

[(Imeyile ikhuselwe) ~] # ls -l / usr/share/doc/pam-1.1.8/
Iyonke i-256 -rw-r-r--. Ingcambu ye-1 ingcambu 2045 Jun 18 2013 Ilungelo lokushicilela drwxr-xr-x. 2 ingcambu 4096 Apr 9 06:28 html
-rw-r-r--. Ingcambu ye1 ingcambu 175382 Nov 5 19:13 Linux-PAM_SAG.txt -rw-r-r--. Ingcambu ye-1 ingcambu 67948 Jun 18 2013 rfc86.0.txt drwxr-xr-x. 2 ingcambu 4096 Apr 9 06:28 txts

[(Imeyile ikhuselwe) ~] # ls / usr/share/doc/pam-1.1.8/txts/
README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit README. pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail README .pam_rhosts README.pam_tally README.pam_warn README.pam_echo README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel README .pam

Ewe, sikwabiza iqela leCentOS "linuxbox" njengeDebian, eya kuthi isisebenzele amanqaku azayo kwiiNethiwekhi zeSMB.

CentOS nge-GNOME3 GUI

Xa sikhetha ngexesha lofakelo ukhetho «Iseva ene-GUI«, I-GNOME3 Desktop kunye nezinye izixhobo kunye neenkqubo ezisisiseko zifakelwe ukuphuhlisa iseva. Kwinqanaba lekhonsoli, ukwazi ubume bokuqinisekisa esisiphumezayo:

[(Imeyile ikhuselwe) ~] # authconfig-tui

Sijonga ukuba ziimodyuli ze-PAM kuphela eziyimfuneko kulungelelwaniso lweseva lwangoku, nokuba imodyuli yokufunda iminwe, inkqubo yokuqinisekisa esiyifumana kwiimodeli ezithile zeLaptops.

I-CentOS ene-GNOME3 GUI ijoyine kwiMicrosoft Active Directory

Njengoko sibona, iimodyuli eziyimfuneko zongezwa kwaye zenziwa zasebenza-Winbind-ukungqinisisa ngokuchasene nesikhombisi esisebenzayo, ngelixa sikhubaza ngabom imodyuli yokufunda iminwe, kuba ayimfuneko.

Kwinqaku elizayo siza kugubungela ngokweenkcukacha indlela yokujoyina iklayenti le-CentOS 7 kwi-Microsoft Active Directory. Silindele kuphela ukuba ngesixhobo Umbhali wefonti-gtk Ukufakwa kweephakeji eziyimfuneko, ukucwangciswa kwendalo ezenzekelayo yeefayile zabasebenzisi besizinda abagunyazisa ekuhlaleni, kunye nenkqubo ngokwayo yokujoyina umxhasi kuDomain woLawulo oluSebenzayo luzenzekelayo. Mhlawumbi emva komanyano, kuya kuba yimfuneko ukuqala kwakhona ikhompyuter.

Iifayile eziphambili

Iifayile ezinxulumene nokuqinisekiswa kwe-CentOS zikwikhowudi /etc/pam.d/:

[(Imeyile ikhuselwe) ~] # ls /etc/pam.d/
atd liveinst smartcard-auth-ac authconfig login smtp authconfig-gtk other smtp.postfix authconfig-tui passwd sshd config-use password-auth su crond password-auth-ac sudo iikomityi pluto sudo-i chfn polkit-1 su-l chsh postlogin Inkqubo-yesicelo somnwe we-asuth postlogin-ac system-auth-ac fingerprint-auth-ac ppp system-config-authentication gdm-autologin remote systemd-user gdm-fingerprint runuser vlock gdm-launch-environment runuser-l vmtoolsd gdm-password samba xserver gdm-pin ukuseta gdm-smartcard smartcard-umbhali

Iimodyuli zePAM ziyafumaneka

Sinezinto zokugcina isiseko, i-centosplus, i-epel, y uhlaziyo. Kuzo sifumana phakathi kwabanye- ezi modyuli zilandelayo zisebenzisa imiyalelo yum khangela pam-,  yum khangela pam_, kwaye yum khangela libpam:

I-nss-pam-ldapd.i686: Imodyuli ye-nsswitch esebenzisa iiseva zomkhombandlela nss-pam-ldapd.x86_64: Imodyuli ye-nsswitch esebenzisa iiseva zomkhombandlela ovirt-guest-agent-pam-module.x86_64: Imodyuli ye-PAM ye-oVirt Guest Agent pam -kwallet. .x86_64: Imodyuli yePAM yokuqinisekisa ukungena kwe-plug kwi-OATH pam_pkcs86.i64: PKCS # 5 / NSS PAM module yokungena pam_pkcs686.x5_5: PKCS # 86 / NSS PAM module yokungena pam_radius.x64_5: Imodyuli yePAM yeRadiUS Authentication_mMScript. Imodyuli yokwenza izikripthi pam_snapper.i86: Imodyuli yePAM yokubiza snapper pam_snapper.x64_86: Imodyuli ye-PAM yokubiza snapper pam_ssh.x64_11: Imodyuli yePAM yokusetyenziswa nezitshixo ze-SSH kunye ne-ssh-arhente pam_ssh_agent_686 11: Imodyuli ye-PAM yokuqinisekisa nge-ssh-arhente pam_ssh_agent_auth.x11_86: Imodyuli yePAM yokuqinisekisa nge-ssh-arhente pam_url.x64_11: Imodyuli yePAM yokuqinisekisa ngeeseva ze-HTTP pam_wrapper.x86_64: Isixhobo sokuvavanya usetyenziso lwePAM kunye neemodyuli zePAM pam_yubico.x86_64: Imodyuli yokuQinisekiswa okuQinisekayo ye-yubikeys libpamtest-doc.x686_86: Amaxwebhu e-libpamtest API python-libpamtest.x64_86: Isisongeli se-python se-libpamtest libpamtest.x64_686: Isixhobo sokuvavanya usetyenziso lwe-PAM kunye neemodyuli ze-PAM. Izicelo zePAM kunye neemodyuli zePAM

Isishwankathelo

Kubalulekile ukuba nolwazi oluncinci malunga ne-PAM ukuba sifuna ukuqonda ngendlela ngokubanzi ukuba ungqinisiso lwenziwa njani ngalo lonke ixesha singena kwikhompyuter yethu yeLinux / UNIX. Kukwabalulekile ukuba sazi ukuba kuphela kukuQinisekiswa kweNgingqi esinokuthi sinikeze iinkonzo kwezinye iikhompyuter kwinethiwekhi encinci ye-SME enje nge Proxy, Imeyile, FTP, njl., Zonke zigxile kwiseva enye. Zonke iinkonzo zangaphambili -ninzi ngakumbi njengoko besibonile ngaphambili- banemodyuli yePAM.

Imithombo kudityenwe nayo

• Iincwadi zemiyalelo - amaphepha omntu.
• UqinisekisoIphepha le-Wikipedia ngeSpanish
• Iimodyuli zokuNgqinisisa eziXineneyo
• I-Red_Hat_Enterprise_Linux-6-Ukuhambisa_Isikhokelo-se-US

Inguqulelo yePDF

Khuphela uguqulelo lwePDF apha.

Kude kube kwinqaku elilandelayo!

Umbhali: UFederico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico