PAM Authentication - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article we intend to offer an overview of authentication through PAM. We are used to working on our workstation with a Linux/UNIX operating system every day, and we rarely stop to study how the authentication mechanism works each time we start a session. Do we know of the existence of the files /etc/passwd and /etc/shadow, which make up the main database of the authentication credentials of local users? We hope that after reading this post you will have, at least, a clear idea of how PAM works.

Authentication

Authentication, for practical purposes, is the way a user is verified against a system. The authentication process requires the presence of an identity and credentials (a username and password), which are compared with information stored in a database. If the credentials presented are the same as those stored and the user's account is active, we say that the user has authenticated successfully, or has successfully passed authentication.

Once the user is authenticated, that information is passed to the access control service to determine what the user can do on the system and which resources they are authorized to access.

The information used to verify the user can be stored in local databases on the system, or the local system can refer to an existing database on a remote system, such as LDAP, Kerberos, NIS databases, and so on.

Most UNIX/Linux operating systems have the tools needed to configure the client/server authentication service for the most common types of user databases. Some of these systems, such as Red Hat/CentOS, SUSE/openSUSE and other distributions, have very complete graphical tools.

PAM: Pluggable Authentication Module

We use the Pluggable Authentication Modules every day when we log in to our desktop with a Linux/UNIX operating system, and on many other occasions when we access local or remote services that have a specific local PAM module inserted for authentication against that service.

A practical idea of how PAM modules are inserted can be obtained by following the state of authentication on a machine with Debian and on another with CentOS, which we develop next.

Debian

Documentation

If we install the libpam-doc package we will have very good documentation in the directory /usr/share/doc/libpam-doc/html.

root@linuxbox:~# aptitude install libpam-doc
root@linuxbox:~# ls -l /usr/share/doc/libpam-doc/

There is also more documentation about PAM in the directories:

root@linuxbox:~# ls -l /usr/share/doc/ | grep pam
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam0g
drwxr-xr-x 4 root root 4096 Apr  7 16:31 libpam-doc
drwxr-xr-x 2 root root 4096 Apr  5 21:30 libpam-gnome-keyring
drwxr-xr-x 3 root root 4096 Apr  5 21:11 libpam-modules
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam-modules-bin
drwxr-xr-x 2 root root 4096 Apr  5 21:11 libpam-runtime
drwxr-xr-x 2 root root 4096 Apr  5 21:26 libpam-systemd
drwxr-xr-x 3 root root 4096 Apr  5 21:31 python-pam

We believe that before going out to search for documentation on the Internet, we should review what is already installed, or what we can install directly from the program repositories that exist for that purpose and that on many occasions we copy to our hard drive. A sample of this is the following:

root@linuxbox:~# less /usr/share/doc/libpam-gnome-keyring/README
gnome-keyring is a program that keeps password and other secrets for users. It is run as a daemon in the session, similar to ssh-agent, and other applications locate it via an environment variable or a D-Bus. The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. The library libgnome-keyring is used by applications to integrate with the GNOME keyring system.

Which, translated very freely, says:

  • gnome-keyring is the program in charge of keeping passwords and other secrets for users. In each session it runs as a daemon, similar to ssh-agent, and other applications find it through an environment variable or through D-Bus. The program can handle several keyrings, each with its own master password. There is also a session keyring that is never stored on the hard disk and is forgotten when the session ends. Applications use the libgnome-keyring library to integrate with the GNOME keyring system.

Debian with the Base Operating System

We start from a computer on which we have just installed Debian 8 "Jessie" as the operating system, and during the installation process we selected only the "Basic system utilities", without marking any other option to install tasks or predefined packages such as the OpenSSH server. If after starting the first session we run:

root@master:~# pam-auth-update

we will get the following output:

(Figures: PAM Authentication - 01, PAM Authentication - 02)

This shows us that the only PAM module in use up to that moment is UNIX authentication. The pam-auth-update utility lets us configure the central authentication policy for a system using the predefined profiles provided by PAM modules. For more information see man pam-auth-update.

Since we have not yet installed the OpenSSH server, we will not find its PAM module in the directory /etc/pam.d/, which contains the PAM modules and profiles loaded up to this moment:

root@master:~# ls -l /etc/pam.d/
total 76
-rw-r--r-- 1 root root  235 Sep 30  2014 atd
-rw-r--r-- 1 root root 1208 Apr  6 22:06 common-account
-rw-r--r-- 1 root root 1221 Apr  6 22:06 common-auth
-rw-r--r-- 1 root root 1440 Apr  6 22:06 common-password
-rw-r--r-- 1 root root 1156 Apr  6 22:06 common-session
-rw-r--r-- 1 root root 1154 Apr  6 22:06 common-session-noninteractive
-rw-r--r-- 1 root root  606 Jun 11  2015 cron
-rw-r--r-- 1 root root  384 Nov 19  2014 chfn
-rw-r--r-- 1 root root   92 Nov 19  2014 chpasswd
-rw-r--r-- 1 root root  581 Nov 19  2014 chsh
-rw-r--r-- 1 root root 4756 Nov 19  2014 login
-rw-r--r-- 1 root root   92 Nov 19  2014 newusers
-rw-r--r-- 1 root root  520 Jan  6  2016 other
-rw-r--r-- 1 root root   92 Nov 19  2014 passwd
-rw-r--r-- 1 root root  143 Mar 29  2015 runuser
-rw-r--r-- 1 root root  138 Mar 29  2015 runuser-l
-rw-r--r--   root root      Nov          su
-rw-r--r--   root root      Sep          systemd-user

For example, through the PAM module /etc/pam.d/chfn the system configures the shadow service, while through /etc/pam.d/cron the cron daemon is configured. To learn a little more we can read the content of each of these files, which is very instructive. As a sample we give below the content of the module /etc/pam.d/cron:

root@master:~# less /etc/pam.d/cron
# The PAM configuration file for the cron daemon

@include common-auth

# Sets the loginuid process attribute
session    required     pam_loginuid.so
# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session    required     pam_env.so
# In addition, read system locale information
session    required     pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required     pam_limits.so

The order of the statements within each of the files is important. In general terms, we do not recommend modifying any of them unless we know very well what we are doing.
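The ordering point above, as an added example that is not part of the original article: a small Python parser that expands the @include lines of a Debian service file and returns the rules in the order PAM evaluates them. The bodies of common-auth, common-account and common-session-noninteractive are constructed samples modelled on Debian defaults, and the function names are hypothetical.

```python
import os
import re
import tempfile

TYPES = {"auth", "account", "password", "session"}

# Constructed sample files: "cron" follows the listing in the article; the
# common-* bodies are assumptions modelled on Debian defaults.
SAMPLE = {
    "cron": "@include common-auth\n"
            "session required pam_loginuid.so\n"
            "session required pam_env.so\n"
            "session required pam_env.so envfile=/etc/default/locale\n"
            "@include common-account\n"
            "@include common-session-noninteractive\n"
            "session required pam_limits.so\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok_secure\n"
                   "auth requisite pam_deny.so\n"
                   "auth required pam_permit.so\n",
    "common-account": "account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so\n"
                      "account requisite pam_deny.so\n"
                      "account required pam_permit.so\n",
    "common-session-noninteractive": "session [default=1] pam_permit.so\n"
                                     "session requisite pam_deny.so\n"
                                     "session required pam_permit.so\n"
                                     "session required pam_unix.so\n",
}

def parse_rule(line):
    """Split one rule into (type, control, module, args); handles [k=v ...] controls."""
    m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
    if not m or m.group(1).lstrip("-") not in TYPES:
        raise ValueError("unparseable PAM rule: %r" % line)
    return m.group(1), m.group(2), m.group(3), m.group(4).strip()

def effective_stack(service, pam_dir="/etc/pam.d", only_type=None, _seen=()):
    """Return rules in evaluation order as (type, control, module, args, source)."""
    if service in _seen:
        raise ValueError("include loop: " + " -> ".join(_seen + (service,)))
    chain = _seen + (service,)
    with open(os.path.join(pam_dir, service)) as fh:
        text = fh.read().replace("\\\n", " ")      # join continued lines
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        if line.startswith("@include"):
            # Debian-style include: pulls in rules of every type, in place
            rules += effective_stack(line.split()[1], pam_dir, only_type, chain)
            continue
        rtype, control, module, args = parse_rule(line)
        base = rtype.lstrip("-")                   # "-session" marks an optional module
        if only_type and base != only_type:
            continue
        if control in ("include", "substack"):
            # "type include file" pulls in only the rules of that type
            rules += effective_stack(module, pam_dir, base, chain)
        else:
            rules.append((base, control, module, args, service))
    return rules

def demo():
    """Write the constructed sample to a temporary directory and resolve 'cron'."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return effective_stack("cron", d)

if __name__ == "__main__":
    for rule in demo():
        print("%-8s %-52s %-16s %-30s (from %s)" % rule)
```

On a real host, effective_stack("sshd") or effective_stack("cron") reads /etc/pam.d directly and shows where each included rule lands relative to the service's own lines.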

Debian with base OS + OpenSSH

root@master:~# aptitude install task-ssh-server
The following NEW packages will be installed:
  openssh-server{a} openssh-sftp-server{a} task-ssh-server

We will verify that the sshd PAM module was added and configured correctly:

root@master:~# ls -l /etc/pam.d/sshd
-rw-r--r-- 1 root root 2133 Jul 22 /etc/pam.d/sshd

If we want to see the content of that profile:

root@master:~# less /etc/pam.d/sshd

In other words, when we try to start a remote session from another computer using SSH, authentication on the local computer is done mainly through the sshd PAM module, without forgetting the other authorization and security aspects involved in the ssh service as such.

In passing, we add that the main configuration file of this service is /etc/ssh/sshd_config, and that at least in Debian it is installed by default without allowing interactive login by the root user. To allow it, we must modify the file /etc/ssh/sshd_config and change the line:

PermitRootLogin without-password

to

PermitRootLogin yes

and then restart the service and check its status with:

root@master:~# systemctl restart ssh
root@master:~# systemctl status ssh
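An added check for the edit described above (example code, not part of the original article): sshd uses the first value it reads for each keyword, so this Python example reports which PermitRootLogin line is effective, which later global lines are ignored, and which Match blocks override it. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: the Debian 8 default line quoted in the article, a later
# duplicate appended by mistake, and a Match block that overrides the setting.
SAMPLE_SSHD_CONFIG = """\
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
UsePAM yes

permitrootlogin yes

Match Address 192.0.2.0/24
    PermitRootLogin no
"""

def root_login_settings(text):
    """Return (global_value, ignored_duplicates, match_overrides) for PermitRootLogin.

    global_value is (line_number, value) or None when the keyword is not set.
    """
    global_value, duplicates, overrides = None, [], []
    match_ctx = None                      # None while still in the global section
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match_ctx = value             # everything below applies only to this Match
        elif keyword == "permitrootlogin":
            if match_ctx is not None:
                overrides.append((match_ctx, value))
            elif global_value is None:
                global_value = (lineno, value)      # first value read wins
            else:
                duplicates.append((lineno, value))  # read later, so ignored by sshd
    return global_value, duplicates, overrides

def root_password_login_allowed(text):
    """True only if the effective global PermitRootLogin value is 'yes'."""
    global_value, _, _ = root_login_settings(text)
    return global_value is not None and global_value[1] == "yes"

if __name__ == "__main__":
    effective, ignored, matches = root_login_settings(SAMPLE_SSHD_CONFIG)
    print("effective global value:", effective)
    print("ignored duplicates    :", ignored)
    print("Match overrides       :", matches)
```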

Debian with the LXDE desktop

We continue with the same machine (we change its name, or hostname, to "linuxbox" for future use), on which we have finished installing the LXDE desktop. Let's run pam-auth-update and we will get the following output:

(Figures: PAM Authentication - 03, PAM Authentication - 04)

During the installation of the LXDE desktop the system has already enabled all the profiles (modules) needed for correct authentication, which are the following:

  • UNIX authentication module.
  • Module that registers user sessions in the hierarchical control group of systemd.
  • GNOME Keyring daemon module.

We take this opportunity to recommend that in all cases, when we are asked for the "PAM profiles to enable", we select the option unless we know very well what we are doing. If we change the PAM configuration that the operating system itself makes automatically, we can easily disable login on the computer.

In the cases above we are talking about local authentication, or authentication against the local computer, as also happens when we start a remote session through SSH.

If we implement a remote authentication method on the local machine, for users whose credentials are stored on a remote OpenLDAP server or in an Active Directory, the system will take the new form of authentication into account and will add the necessary PAM modules.

Main files

  • /etc/passwd: User account information
  • /etc/shadow: Secure user account information
  • /etc/pam.conf: File that should only be used if the directory /etc/pam.d/ does not exist
  • /etc/pam.d/: Directory where programs and services install their PAM modules
  • /etc/pam.d/passwd: PAM configuration for passwd.
  • /etc/pam.d/common-account: Authorization parameters common to all services
  • /etc/pam.d/common-auth: Authentication parameters common to all services
  • /etc/pam.d/common-password: PAM modules common to all services related to passwords
  • /etc/pam.d/common-session: PAM modules common to all services related to user sessions
  • /etc/pam.d/common-session-noninteractive: PAM modules common to all services related to non-interactive sessions, or sessions that do not require user intervention, such as tasks that run at the beginning and end of non-interactive sessions.
  • /usr/share/doc/passwd/: Documentation directory.

We recommend reading the manual pages of passwd and shadow with man passwd and man shadow. It is also healthy to read the contents of the files common-account, common-auth, common-password, common-session and common-session-noninteractive.

Available PAM modules

To get an idea of the PAM modules available a priori in the standard Debian repository, we run:

buzz@linuxbox:~$ aptitude search libpam

The list is long, and we will show only the modules, which is enough to see how extensive it is:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-cap                  - POSIX 1003.1e capabilities (PAM module)
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgroup               - control and monitor control groups (PAM)
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-ldap                 - Pluggable Authentication Module for LDAP
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-poldi                - PAM module allowing authentication using a OpenPGP smartcard
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shishi               - PAM module for Shishi Kerberos v5
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Draw your own conclusions.

CentOS

If during the installation process we select the option "Server with GUI", we will get a good platform for implementing different services for an SME network. Unlike Debian, CentOS/Red Hat® offers a series of console and graphical tools that make life easier for a system or network administrator.

Documentation

Installed by default, we find it in the directory:

[root@linuxbox ~]# ls -l /usr/share/doc/pam-1.1.8/
total 256
-rw-r--r--. 1 root root   2045 Jun 18  2013 Copyright
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 html
-rw-r--r--. 1 root root 175382 Nov  5 19:13 Linux-PAM_SAG.txt
-rw-r--r--. 1 root root  67948 Jun 18  2013 rfc86.0.txt
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 txts
[root@linuxbox ~]# ls /usr/share/doc/pam-1.1.8/txts/
README.pam_access    README.pam_exec       README.pam_lastlog    README.pam_namespace   README.pam_selinux     README.pam_timestamp
README.pam_console   README.pam_faildelay  README.pam_limits     README.pam_nologin     README.pam_sepermit    README.pam_tty_audit
README.pam_cracklib  README.pam_faillock   README.pam_listfile   README.pam_permit      README.pam_shells      README.pam_umask
README.pam_chroot    README.pam_filter     README.pam_localuser  README.pam_postgresok  README.pam_stress      README.pam_unix
README.pam_debug     README.pam_ftp        README.pam_loginuid   README.pam_pwhistory   README.pam_succeed_if  README.pam_userdb
README.pam_deny      README.pam_group      README.pam_mail       README.pam_rhosts      README.pam_tally

Yes, we also call the CentOS machine "linuxbox", as with Debian, and it will serve us for future articles on SME networks.

CentOS with GNOME3 GUI

When we select the option "Server with GUI" during installation, the GNOME3 desktop and other utilities and base programs are installed to build a server. At the console level, to find out the state of authentication we run:

[root@linuxbox ~]# authconfig-tui

(Figure: PAM Authentication - 05)

We verify that only the PAM modules needed for the current server configuration are enabled, including a module for reading fingerprints, an authentication system found on some laptop models.

CentOS with GNOME3 GUI joined to a Microsoft Active Directory

(Figure: PAM Authentication - 06)

As we can see, the necessary modules (winbind) have been added and enabled for authentication against an Active Directory, while we deliberately disable the module for reading fingerprints, because it is not needed.

In a future article we will cover in detail how to join a CentOS 7 client to a Microsoft Active Directory. For now we only anticipate that with the authconfig-gtk tool, the installation of the necessary packages, the configuration of the automatic creation of the home directories of domain users who authenticate locally, and the process itself of joining the client to the Active Directory domain are enormously automated. Perhaps after the join it will only be necessary to restart the computer.

Main files

The files related to authentication in CentOS are located in the directory /etc/pam.d/:

[root@linuxbox ~]# ls /etc/pam.d/
atd                     liveinst          smartcard-auth-ac
authconfig              login             smtp
authconfig-gtk          other             smtp.postfix
authconfig-tui          passwd            sshd
config-util             password-auth     su
crond                   password-auth-ac  sudo
cups                    pluto             sudo-i
chfn                    polkit-1          su-l
chsh                    postlogin         system-auth
fingerprint-auth        postlogin-ac      system-auth-ac
fingerprint-auth-ac     ppp               system-config-authentication
gdm-autologin           remote            systemd-user
gdm-fingerprint         runuser           vlock
gdm-launch-environment  runuser-l         vmtoolsd
gdm-password            samba             xserver
gdm-pin                 setup
gdm-smartcard           smartcard-auth

Available PAM modules

We have the repositories base, centosplus, epel and updates. In them we find, among others, the following modules using the commands yum search pam-, yum search pam_ and yum search libpam:

nss-pam-ldapd.i686 : An nsswitch module which uses directory servers
nss-pam-ldapd.x86_64 : An nsswitch module which uses directory servers
ovirt-guest-agent-pam-module.x86_64 : PAM module for the oVirt Guest Agent
pam-kwallet.x86_64 : PAM module for KWallet
pam_afs_session.x86_64 : AFS PAG and AFS tokens on login
pam_krb5.i686 : A Pluggable Authentication Module for Kerberos 5
pam_krb5.x86_64 : A Pluggable Authentication Module for Kerberos 5
pam_mapi.x86_64 : PAM module to authenticate via MAPI against a Zarafa server
pam_oath.x86_64 : A PAM module for pluggable login authentication for OATH
pam_pkcs11.i686 : PKCS #11/NSS PAM login module
pam_pkcs11.x86_64 : PKCS #11/NSS PAM login module
pam_radius.x86_64 : PAM Module for RADIUS Authentication
pam_script.x86_64 : PAM module for executing scripts
pam_snapper.i686 : PAM module for calling snapper
pam_snapper.x86_64 : PAM module for calling snapper
pam_ssh.x86_64 : PAM module for use with SSH keys and ssh-agent
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
pam_ssh_agent_auth.x86_64 : PAM module for authentication with ssh-agent
pam_url.x86_64 : PAM module to authenticate with HTTP servers
pam_wrapper.x86_64 : A tool to test PAM applications and PAM modules
pam_yubico.x86_64 : A Pluggable Authentication Module for yubikeys
libpamtest-doc.x86_64 : The libpamtest API documentation
python-libpamtest.x86_64 : A python wrapper for libpamtest
libpamtest.x86_64 : A tool to test PAM applications and PAM modules
libpamtest-devel.x86_64 : A tool to test PAM applications and PAM modules

Summary

It is important to have a minimum of knowledge about PAM if we want to understand in a general way how authentication is carried out every time we log in to our Linux/UNIX computer. It is also important to know that with local authentication alone we can provide services to other computers in a small SME network, such as Proxy, Mail, FTP, and so on, all concentrated on a single server. All the previous services, and many more as we saw earlier, have their PAM module.

Sources consulted

PDF version

Download the PDF version here.

Until the next article!

Author: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico



  1.   alangba said

    A very detailed article on authentication using PAM. I confess I did not know in detail how authentication works, or the endless number of more detailed and secure applications we could give it. This is a great article that lets you see the scope of PAM authentication, which can also have multiple objectives in SMEs.

    One more of your great contributions, thank you very much for such good material, Fico.

  2.   Anonymous said

    Thank you for your comment, dear Luigys. The purpose of the article is to open readers' minds about PAM and its modules. I think the post succeeds.
    By the way, I inform you that comments are not reaching me by mail.

  3.   Frederick said

    lol, I forgot to write my email address in the previous comment. That is why it came out as Anonymous. 😉

  4.   HO2GI said

    Great article, as always.

  5.   agbere said

    Very instructive, Federico. I have had to deal with PAM more than once and I admire the design; it is very useful to be able to insert functionality in the hooks it allows. For example, the last thing I did was a REST API in Python/Flask that collects the logins and logoffs of the users of my domain (big brother style, to know everything), because guess where I put the calls that inform the API? Well yes, with PAM.

  6.   Frederick said

    Thanks HO2GI for your evaluation of the post.
    Apanirun: Greetings again. As always, you are doing very interesting things. Not at all, this post is one of those I catalog as "to open minds."