PAM Authentication - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

With this article we intend to offer an overview of the topic of authentication through PAM. We use our Linux/UNIX workstation every day and rarely stop to study how the authentication mechanism works each time we start a session. We do know about the existence of the files /etc/passwd and /etc/shadow, which make up the main database of the authentication credentials of local users. We hope that after reading this post you will have, at least, a clear idea of how PAM works.

Authentication

Authentication - for practical purposes - is the way a user is verified against a system. The authentication process requires an identity and a set of credentials - username and password - which are compared with the information stored in a database. If the credentials presented match the stored ones and the user's account is active, the user is said to be authenticated successfully, or to have successfully passed authentication.

Once the user is authenticated, that information is passed to the access control service to determine what that user can do in the system and which resources they are authorized to access.

The information used to verify the user can be stored in local databases on the system, or the local system can refer to an existing database on a remote system, such as LDAP, Kerberos, NIS databases, and so on.

Most UNIX®/Linux operating systems have the tools needed to configure the client/server authentication service for the most common types of user databases. Some of these systems have very complete graphical tools, such as Red Hat/CentOS, SUSE/openSUSE, and other distributions.

PAM: Pluggable Authentication Module

We use the Pluggable Authentication Modules every day when we log in to our Desktop on a Linux/UNIX-based operating system, and on many other occasions when we access local or remote services that have a specific PAM module inserted for authentication against that service.

A practical idea of how PAM modules are inserted can be obtained by following the sequence of authentication states on a machine with Debian and on another with CentOS, which we develop below.

Debian

Documentation

If we install the package libpam-doc we will have very good documentation located in the directory /usr/share/doc/libpam-doc/html.

root@linuxbox:~# aptitude install libpam-doc
root@linuxbox:~# ls -l /usr/share/doc/libpam-doc/

There is also more PAM documentation in the directories:

root@linuxbox:~# ls -l /usr/share/doc/ | grep pam
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam0g
drwxr-xr-x 4 root root 4096 Apr 7 16:31 libpam-doc
drwxr-xr-x 2 root root 4096 Apr 5 21:30 libpam-gnome-keyring
drwxr-xr-x 3 root root 4096 Apr 5 21:11 libpam-modules
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam-modules-bin
drwxr-xr-x 2 root root 4096 Apr 5 21:11 libpam-runtime
drwxr-xr-x 2 root root 4096 Apr 5 21:26 libpam-systemd
drwxr-xr-x 3 root root 4096 Apr 5 21:31 python-pam

We believe that before going out to look for documentation on the Internet, we should review what is already installed or what we can install directly from the program repositories, which exist for a reason and which on many occasions we copy to our hard drive. An example of this is the following:

root@linuxbox:~# less /usr/share/doc/libpam-gnome-keyring/README
gnome-keyring is a program that keeps password and other secrets for users. It is run as a daemon in the session, similar to ssh-agent, and other applications locate it via an environment variable or a D-Bus. The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. The library libgnome-keyring is used by applications to integrate with the GNOME keyring system.

Which, translated very freely, means:

  • gnome-keyring is the program in charge of keeping passwords and other secrets for users. In each session it runs as a daemon, similar to ssh-agent, and other applications locate it through an environment variable or through D-Bus. The program can manage several keyrings, each with its own master password. There is also a session keyring that is never stored on the hard disk and is forgotten when the session ends. Applications use the libgnome-keyring library to integrate with the GNOME keyring system.

Debian with the Base Operating System

We start from a computer on which we have just installed Debian 8 "Jessie" as the operating system. During its installation we select only the "Basic system utilities", without marking any other option to install tasks or predefined packages such as the OpenSSH server. If after starting the first session we run:

root@master:~# pam-auth-update

we will get the following outputs:

[Image: PAM Authentication - 01]
[Image: PAM Authentication - 02]

This shows us that the only PAM module in use up to that moment is UNIX Authentication. The utility pam-auth-update lets us configure the central authentication policy for a system by using the Predefined Profiles provided by the PAM modules. For more information see man pam-auth-update.

As we have not yet installed the OpenSSH server, we will not find its PAM module in the directory /etc/pam.d/, which contains the PAM modules and profiles loaded up to this moment:

root@master:~# ls -l /etc/pam.d/
total 76
-rw-r--r-- 1 root root  235 Sep 30  2014 atd
-rw-r--r-- 1 root root 1208 Apr  6 22:06 common-account
-rw-r--r-- 1 root root 1221 Apr  6 22:06 common-auth
-rw-r--r-- 1 root root 1440 Apr  6 22:06 common-password
-rw-r--r-- 1 root root 1156 Apr  6 22:06 common-session
-rw-r--r-- 1 root root 1154 Apr  6 22:06 common-session-noninteractive
-rw-r--r-- 1 root root  606 Jun 11  2015 cron
-rw-r--r-- 1 root root  384 Nov 19  2014 chfn
-rw-r--r-- 1 root root   92 Nov 19  2014 chpasswd
-rw-r--r-- 1 root root  581 Nov 19  2014 chsh
-rw-r--r-- 1 root root 4756 Nov 19  2014 login
-rw-r--r-- 1 root root   92 Nov 19  2014 newusers
-rw-r--r-- 1 root root  520 Jan  6  2016 other
-rw-r--r-- 1 root root   92 Nov 19  2014 passwd
-rw-r--r-- 1 root root  143 Mar 29  2015 runuser
-rw-r--r-- 1 root root  138 Mar 29  2015 runuser-l
-rw-r--r-- 1 root root 2257 Nov 19  2014 su
-rw-r--r-- 1 root root  220 Sep  2  2016 systemd-user

For example, through the PAM module /etc/pam.d/chfn the system configures the Shadow service, while through /etc/pam.d/cron the cron daemon is configured. To learn a bit more we can read the content of each of these files, which is very instructive. As a sample we give below the content of the module /etc/pam.d/cron:

root@master:~# less /etc/pam.d/cron
# The PAM configuration file for the cron daemon

@include common-auth

# Sets the loginuid process attribute
session    required     pam_loginuid.so

# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session    required     pam_env.so

# In addition, read system locale information
session    required     pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required     pam_limits.so

The order of the statements within each file is important. In general terms, we do not recommend modifying any of them unless we know well what we are doing.
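To make the point about ordering concrete, here is an added example (not part of the original article and not Debian tooling): a small Python parser that expands the @include lines of a service file, lists the rules in the order PAM evaluates them, and shows which module a [success=N] control jumps to. The contents of SAMPLE_PAM_D are constructed: cron follows the listing above, and the common-* files are assumed to resemble Debian defaults.

```python
import re

# Constructed sample of /etc/pam.d/. Assumption: the common-* files are
# modelled on Debian defaults and may differ from those on a real host.
SAMPLE_PAM_D = {
    "cron": """\
# The PAM configuration file for the cron daemon
@include common-auth
session    required   pam_loginuid.so
session    required   pam_env.so
session    required   pam_env.so envfile=/etc/default/locale
@include common-account
@include common-session-noninteractive
session    required   pam_limits.so
""",
    "common-auth": """\
auth  [success=1 default=ignore]  pam_unix.so nullok_secure
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
""",
    "common-account": """\
account  [success=1 new_authtok_reqd=done default=ignore]  pam_unix.so
account  requisite                                         pam_deny.so
account  required                                          pam_permit.so
""",
    "common-session-noninteractive": """\
session  [default=1]  pam_permit.so
session  requisite    pam_deny.so
session  required     pam_permit.so
session  required     pam_unix.so
""",
}

RULE = re.compile(
    r"^(-?)(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def expand(service, files, _chain=()):
    """Return the rules of `service` in evaluation order, @include expanded."""
    if service in _chain:
        raise ValueError("include loop: " + " -> ".join(_chain + (service,)))
    rules = []
    for lineno, raw in enumerate(files[service].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("@include"):
            rules += expand(line.split()[1], files, _chain + (service,))
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"{service}:{lineno}: unparsable rule {raw!r}")
        _, mtype, control, module, args = m.groups()
        rules.append({"type": mtype, "control": control, "module": module,
                      "args": args.split(), "file": service, "line": lineno})
    return rules

def stack(rules, mtype):
    """Rules of one management group (auth, account, ...) in order."""
    return [r for r in rules if r["type"] == mtype]

def success_jumps(rules, mtype):
    """Map each [success=N] rule to the module evaluation resumes at."""
    group = stack(rules, mtype)
    jumps = {}
    for i, r in enumerate(group):
        m = re.search(r"\bsuccess=(\d+)\b", r["control"])
        if m:
            target = i + 1 + int(m.group(1))     # skip the next N rules
            jumps[(i, r["module"])] = (
                group[target]["module"] if target < len(group) else None)
    return jumps

if __name__ == "__main__":
    for r in expand("cron", SAMPLE_PAM_D):
        print(r["type"], r["control"], r["module"], f'({r["file"]}:{r["line"]})')
    print(success_jumps(expand("cron", SAMPLE_PAM_D), "auth"))
```

In the sample, a successful pam_unix.so jumps over pam_deny.so and resumes at pam_permit.so. Swapping those two lines would send every successful check into pam_deny.so, which is why reordering a stack can lock users out.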

Debian with base OS + OpenSSH

root@master:~# aptitude install task-ssh-server
The following NEW packages will be installed:
  openssh-server{a} openssh-sftp-server{a} task-ssh-server

We will verify that the PAM module for sshd was added and configured correctly:

root@master:~# ls -l /etc/pam.d/sshd
-rw-r--r-- 1 root root 2133 Jul 22 2016 /etc/pam.d/sshd

If we want to know the content of that profile:

root@master:~# less /etc/pam.d/sshd

In other words, when we try to start a remote session from another computer using ssh, authentication on the local computer is done mainly through the PAM module sshd, without forgetting the other authorization and security aspects involved in the ssh service as such.

In passing, we add that the main configuration file of this service is /etc/ssh/sshd_config, and that at least in Debian it is installed by default without allowing interactive login of the root user. To allow it, we must modify the file /etc/ssh/sshd_config and change the line:

PermitRootLogin without-password

to

PermitRootLogin yes

and then restart the service and check its status with:

root@master:~# systemctl restart ssh
root@master:~# systemctl status ssh

Debian with the LXDE desktop

We continue with the same machine - we change its name or hostname to "linuxbox" for future use - on which we have finished installing the LXDE Desktop. Let's run pam-auth-update and we will get the following outputs:

[Image: PAM Authentication - 03]
[Image: PAM Authentication - 04]

During the installation of the LXDE desktop the system has already enabled all the Profiles -Modules- needed for correct authentication, which are the following:

  • UNIX Authentication Module.
  • Module that registers user sessions in the Hierarchical Control Group of systemd.
  • GNOME Keyring Daemon Module

We take this opportunity to recommend that in all cases, when we are asked for the "PAM profiles to enable", we select the option unless we know very well what we are doing. If we change the PAM configuration made automatically by the Operating System itself, we can easily disable login on the computer.

In the above cases we are talking about Local Authentication, or Authentication against the local computer, as happens when we start a remote session through ssh.

If we implement a method of Remote Authentication on the local machine, for users whose credentials are stored in a remote OpenLDAP server or in an Active Directory, the system will take the new form of authentication into account and will add the necessary PAM modules.

Main files

  • /etc/passwd: User account information
  • /etc/shadow: Secure user account information
  • /etc/pam.conf: File that should only be used if the directory /etc/pam.d/ does not exist
  • /etc/pam.d/: Directory where programs and services install their PAM modules
  • /etc/pam.d/passwd: PAM configuration for passwd.
  • /etc/pam.d/common-account: Authorization parameters common to all services
  • /etc/pam.d/common-auth: Authentication parameters common to all services
  • /etc/pam.d/common-password: PAM modules common to all services related to passwords
  • /etc/pam.d/common-session: PAM modules common to all services related to user sessions
  • /etc/pam.d/common-session-noninteractive: PAM modules common to all services related to non-interactive sessions or sessions that do not require user intervention, such as tasks that run at the beginning and end of non-interactive sessions.
  • /usr/share/doc/passwd/: Documentation directory.

We recommend reading the manual pages of passwd and shadow through man passwd and man shadow. It is also healthy to read the content of the files common-account, common-auth, common-password, common-session and common-session-noninteractive.

Available PAM modules

To get an idea of the PAM modules available a priori in the standard Debian repository, we run:

buzz@linuxbox:~$ aptitude search libpam

The list is long and we will only show the modules, which shows how extensive it is:

libpam-afs-session          - PAM module to set up a PAG and obtain AFS tokens                    
libpam-alreadyloggedin      - PAM module to skip password authentication for logged users
libpam-apparmor             - changehat AppArmor library as a PAM module
libpam-barada               - PAM module to provide two-factor authentication based on HOTP
libpam-blue                 - PAM module for local authenticaction with bluetooth devices
libpam-ca                   - POSIX 1003.1e capabilities (PAM module)                             
libpam-ccreds               - Pam module to cache authentication credentials                      
libpam-cgrou                - control and monitor control groups (PAM)                            
libpam-chroot               - Chroot Pluggable Authentication Module for PAM                      
libpam-ck-connector         - ConsoleKit PAM module                 
libpam-cracklib             - PAM module to enable cracklib support 
libpam-dbus                 - A PAM module which asks the logged in user for confirmation         
libpam-duo                  - PAM module for Duo Security two-factor authentication               
libpam-dynalogin            - two-factor HOTP/TOTP authentication - implementation libs           
libpam-encfs                - PAM module to automatically mount encfs filesystems on login        
libpam-fprintd              - PAM module for fingerprint authentication trough fprintd            
libpam-geo                  - PAM module checking access of source IPs with a GeoIP database      
libpam-gnome-keyring        - PAM module to unlock the GNOME keyring upon login                   
libpam-google-authenticator - Two-step verification                 
libpam-heimdal              - PAM module for Heimdal Kerberos       
libpam-krb5                 - PAM module for MIT Kerberos           
libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos  
libpam-lda                  - Pluggable Authentication Module for LDA                         
libpam-ldapd                - PAM module for using LDAP as an authentication service              
libpam-mkhomedir            -         
libpam-mklocaluser          - Configure PAM to create a local user if it do not exist already     
libpam-modules              - Pluggable Authentication Modules for PAM                            
libpam-modules-bin          - Pluggable Authentication Modules for PAM - helper binaries          
libpam-mount                - PAM module that can mount volumes for a user session                
libpam-mysql                - PAM module allowing authentication from a MySQL server              
libpam-nufw                 - The authenticating firewall [PAM module]                            
libpam-oath                 - OATH Toolkit libpam_oath PAM module   
libpam-ocaml                - OCaml bindings for the PAM library (runtime)                        
libpam-openafs-kaserver     - AFS distributed filesystem kaserver PAM module                      
libpam-otpw                 - Use OTPW for PAM authentication       
libpam-p11                  - PAM module for using PKCS#11 smart cards                            
libpam-passwdqc             - PAM module for password strength policy enforcement                 
libpam-pgsql                - PAM module to authenticate using a PostgreSQL database              
libpam-pkcs11               - Fully featured PAM module for using PKCS#11 smart cards             
libpam-pold                 - PAM module allowing authentication using a OpenPGP smartcard        
libpam-pwdfile              - PAM module allowing authentication via an /etc/passwd-like file     
libpam-pwquality            - PAM module to check password strength 
libpam-python               - Enables PAM modules to be written in Python                         
libpam-python-doc           - Documentation for the bindings provided by libpam-python            
libpam-radius-auth          - The PAM RADIUS authentication module  
libpam-runtime              - Runtime support for the PAM library   
libpam-script               - PAM module which allows executing a script                          
libpam-shield               - locks out remote attackers trying password guessing                 
libpam-shish                - PAM module for Shishi Kerberos v5     
libpam-slurm                - PAM module to authenticate using the SLURM resource manager         
libpam-smbpass              - pluggable authentication module for Samba                           
libpam-snapper              - PAM module for Linux filesystem snapshot management tool            
libpam-ssh                  - Authenticate using SSH keys           
libpam-sshauth              - authenticate using an SSH server      
libpam-sss                  - Pam module for the System Security Services Daemon                  
libpam-systemd              - system and service manager - PAM module                             
libpam-tacplus              - PAM module for using TACACS+ as an authentication service           
libpam-tmpdir               - automatic per-user temporary directories                            
libpam-usb                  - PAM module for authentication with removable USB block devices      
libpam-winbind              - Windows domain authentication integration plugin                    
libpam-yubico               - two-factor password and YubiKey OTP PAM module                      
libpam0g                    - Pluggable Authentication Modules library                            
libpam0g-dev                - Development files for PAM             
libpam4j-java               - Java binding for libpam.so            
libpam4j-java-doc           - Documentation for Java binding for libpam.so

Draw your own conclusions.

CentOS

If during the installation process we select the option «Server with GUI», we will get a good platform for implementing different services for the SME Network. Unlike Debian, CentOS/Red Hat® offers a series of console and graphical tools that make life easier for a System or Network Administrator.

Documentation

Installed by default, we find it in the directory:

[root@linuxbox ~]# ls -l /usr/share/doc/pam-1.1.8/
total 256
-rw-r--r--. 1 root root   2045 Jun 18  2013 Copyright
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 html
-rw-r--r--. 1 root root 175382 Nov  5 19:13 Linux-PAM_SAG.txt
-rw-r--r--. 1 root root  67948 Jun 18  2013 rfc86.0.txt
drwxr-xr-x. 2 root root   4096 Apr  9 06:28 txts
[root@linuxbox ~]# ls /usr/share/doc/pam-1.1.8/txts/
README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp
README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit
README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit README.pam_shells README.pam_umask
README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix
README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb
README.pam_deny README.pam_group README.pam_mail README.pam_rhosts README.pam_tally README.pam_warn
README.pam_echo README README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel README.MEDME

Yes, we also call the CentOS machine "linuxbox" as with Debian, which will serve us for future articles on SME Networks.

CentOS with GNOME3 GUI

When we select the option «Server with GUI» during installation, the GNOME3 Desktop and other utilities and base programs for developing a server are installed. At console level, to know the state of authentication we run:

[root@linuxbox ~]# authconfig-tui

[Image: PAM Authentication - 05]

We verify that only the PAM modules needed for the current server configuration are enabled, even a module to read fingerprints, an authentication system that we find in some laptop models.

CentOS with GNOME3 GUI joined to a Microsoft Active Directory

[Image: PAM Authentication - 06]

As we can see, the necessary modules -winbind- have been added and enabled for authentication against an Active Directory, while we purposely disable the module for reading fingerprints, because it is not needed.

In a future article we will cover in detail how to join a CentOS 7 client to a Microsoft Active Directory. For now we only anticipate that with the tool authconfig-gtk the installation of the necessary packages, the configuration of the automatic creation of the directories of domain users that authenticate locally, and the process itself of joining the client to the Domain of an Active Directory are tremendously automated. Perhaps after the join it will only be necessary to restart the computer.

Main files

The files related to CentOS authentication are located in the directory /etc/pam.d/:

[root@linuxbox ~]# ls /etc/pam.d/
atd                      liveinst          smartcard-auth-ac
authconfig               login             smtp
authconfig-gtk           other             smtp.postfix
authconfig-tui           passwd            sshd
config-util              password-auth     su
crond                    password-auth-ac  sudo
cups                     pluto             sudo-i
chfn                     polkit-1          su-l
chsh                     postlogin         system-auth
fingerprint-auth         postlogin-ac      system-auth-ac
fingerprint-auth-ac      ppp               system-config-authentication
gdm-autologin            remote            systemd-user
gdm-fingerprint          runuser           vlock
gdm-launch-environment   runuser-l         vmtoolsd
gdm-password             samba             xserver
gdm-pin                  setup
gdm-smartcard            smartcard-auth

Available PAM modules

We have the repositories base, centosplus, epel, and updates. In them we find -among others- the following modules using the commands yum search pam-, yum search pam_, and yum search libpam:

nss-pam-ldapd.i686 : An nsswitch module which uses directory servers
nss-pam-ldapd.x86_64 : An nsswitch module which uses directory servers
ovirt-guest-agent-pam-module.x86_64 : PAM module for the oVirt Guest Agent
pam-kwallet. ... through MAPI against a Zarafa server
pam_oath.x86_64 : A PAM module for pluggable login authentication for OATH
pam_pkcs11.i686 : PKCS #11/NSS PAM login module
pam_pkcs11.x86_64 : PKCS #11/NSS PAM login module
pam_radius.x86_64 : PAM Module for RADIUS Authentication
pam_script.x86_64 : PAM module for executing scripts
pam_snapper.i686 : PAM module for calling snapper
pam_snapper.x86_64 : PAM module for calling snapper
pam_ssh.x86_64 : PAM module for use with SSH keys and ssh-agent
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
pam_ssh_agent_auth.x86_64 : PAM module for authentication with ssh-agent
pam_url.x86_64 : PAM module to authenticate with HTTP servers
pam_wrapper.x86_64 : A tool to test PAM applications and PAM modules
pam_yubico.x86_64 : A Pluggable Authentication Module for yubikeys
libpamtest-doc.x86_64 : The libpamtest API documentation
python-libpamtest.x86_64 : A python wrapper for libpamtest
libpamtest.x86_64 : A tool to test PAM applications and PAM modules
libpamtest-devel.x86_64 : A tool to test PAM applications and PAM modules

Summary

It is important to have a minimum of knowledge about PAM if we want to understand in a general way how Authentication is carried out every time we log in to our Linux/UNIX computer. It is also important to know that with Local Authentication alone we can provide services to other computers in a small SME network, such as Proxy, Mail, FTP, etc., all concentrated on a single server. All of those services -and many more, as we saw before- have their PAM module.

Until the next article!

Author: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico


6 comments

  1.   isibankwa said

    A very detailed article on authentication using PAM. I confess I did not know in detail how authentication works and the endless number of more detailed and secure applications we could give it. This is a great article that lets you visualize the scope of PAM authentication, which can also have multiple purposes in SMEs.

    One more of your great contributions, thank you very much for such good material, Fico

  2.   anonymous said

    Thanks for your comment, dear Luigys. The purpose of the article is to open readers' minds to PAM and its modules. I think the post achieves it.
    By the way, I inform you that comments are not reaching me by mail.

  3.   frederico said

    lol, I forgot to write my email address in the previous comment. That is why it comes out as anonymous. 😉

  4.   HO2GI said

    Great article, as always.

  5.   isihlibhi said

    Very instructive, Federico. I have had to deal with PAM many times and I like the design; it is very useful to be able to insert functionality into the hooks it allows. For example, the last thing I did was a REST API in Python/Flask that collects the logins and logoffs of the users of my domain (big-brother style, to know everything), because guess where I put the curl calls to notify the API? Yes, with PAM.

  6.   frederico said

    Thanks HO2GI for evaluating the post.
    Dhunter: Greetings again. As always you do very interesting things. Nothing, this post is one of those I write "to open minds."