Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Sanibonani bangani nabangane!
Ngale ndatshana sihlose ukunikela ngokuBuka konke ngesihloko Sokufakazela ubuqiniso ngokusebenzisa WFP. Sijwayele ukusebenzisa i-Workstation yethu ngohlelo lwe-Linux / UNIX nsuku zonke futhi kuyaqabukela siyeke ukutadisha ukuthi inqubo yokuqinisekisa ivela kanjani isikhathi ngasinye lapho siqala iseshini. Ngabe siyazi ngobukhona bezinqolobane / njll / passwd, futhi / njll / isithunzi lokho okuyisisekelo semininingwane eyinhloko yama-Certified Certification wabasebenzisi bendawo. Siyethemba ukuthi ngemuva kokufunda lokhu okuthunyelwe uzoba-okungenani- nomqondo ocacile wokuthi iPAM isebenza kanjani.
Ukufakazela ubuqiniso
Ukufakazela ubuqiniso - ngezinhloso ezingokoqobo - yindlela umsebenzisi aqinisekiswa ngayo ngokumelene nohlelo. Inqubo yokufakazela ubuqiniso idinga ubukhona besethi yobunikazi kanye neziqinisekiso - igama lomsebenzisi nephasiwedi - eziqhathaniswa nolwazi olugcinwe ku-database. Uma iziqinisekiso ezethulwayo zifana nalezo ezigcinwe futhi i-akhawunti yomsebenzisi iyasebenza, umsebenzisi kuthiwa ungene ngemvume. eyiqiniso ngempumelelo noma ngempumelelo ukudlulisa i- ubuqiniso.
Lapho umsebenzisi eqinisekisiwe, lolo lwazi ludluliselwa kufayela le- insizakalo yokulawula ukufinyelela ukunquma ukuthi yini lowo msebenzisi angayenza ohlelweni nokuthi yiziphi izinsiza okufanele azithole ukugunyazwa ukuwafinyelela.
Imininingwane yokuqinisekisa umsebenzisi ingagcinwa kulwazi lwasendaweni ohlelweni, noma uhlelo lwendawo lungabheka kudathabheyisi ekhona kusistimu ekude, njenge-LDAP, Kerberos, database ye-NIS, njalonjalo.
Iningi lezinhlelo zokusebenza ze-UNIX® / Linux zinamathuluzi adingekayo wokumisa insizakalo yokuqinisekisa iklayenti / iseva yezinhlobo ezivame kakhulu zemininingwane yolwazi. Ezinye zalezi zinhlelo zinamathuluzi wokuqhafaza aphelele njengeRed Hat / CentOS, SUSE / openSUSE, nokunye ukusatshalaliswa.
I-PAM: Imodyuli Yokuqinisekisa Engaxhunywa
I-Los Amamojula afakwe ukufakazela ubuqiniso Siwasebenzisa nsuku zonke lapho singena kwiDeskithophu yethu ngohlelo olusebenzayo olususelwa ku-Linux / UNIX, nakwezinye izikhathi eziningi lapho sifinyelela khona izinsizakalo zasendaweni noma ezikude ezinemodyuli ethile ye-PAM kufakiwe yokuqinisekisa ngokumelene naleyo sevisi.
Umbono osebenzayo wokuthi ama-PAM Module afakwa kanjani ungatholakala ngokulandelana kombuso yokufakazela ubuqiniso en iqembu elinoDebian futhi en enye ene-CentOS lokho sikhula ngokulandelayo.
Debian
imibhalo
Uma sifaka iphakheji libpam-idokodo sizoba nemibhalo emihle kakhulu etholakala enkombeni / usr / share / doc / libpam-doc / html.
impande @ linuxbox: ~ # ukufaneleka ukufaka i-libpam-doc impande @ linuxbox: ~ # ls -l / usr / share / doc / libpam-doc /
Kukhona neminye imibhalo ku-PAM kuzinkomba:
impande @ linuxbox: ~ # ls -l / usr / share / doc / | grep pam drwxr-xr-x 2 impande 4096 Apr 5 21:11 libpam0g drwxr-xr-x 4 impande 4096 Apr 7 16:31 libpam-doc drwxr-xr-x 2 impande 4096 Apr 5 21:30 libpam-gnome- keyring drwxr-xr-x 3 impande 4096 Apr 5 21:11 libpam-modules drwxr-xr-x 2 impande 4096 Apr 5 21:11 libpam-modules-bin drwxr-xr-x 2 impande 4096 Apr 5 21: 11 libpam-runtime drwxr-xr-x 2 impande 4096 Apr 5 21:26 libpam-systemd drwxr-xr-x 3 impande 4096 Apr 5 21:31 python-pam
Sikholelwa ukuthi ngaphambi kokuphuma siyofuna imibhalo kwi-Intanethi, kufanele sibuyekeze leyo esivele ifakiwe noma leyo esingayifaka ngqo kusuka ezinqolobaneni zohlelo ezikhona nokuthile futhi ezikhathini eziningi sizikopishela kwi-hard drive yethu. Isibonelo salokhu okulandelayo:
impande @ linuxbox: ~ # ngaphansi / usr / share / doc / libpam-gnome-keyring / README I-gnome-keyring wuhlelo olugcina iphasiwedi nezinye izimfihlo zabasebenzisi. Iqhutshwa njenge-daemon kuseshini, efana ne-ssh-agent, nezinye izinhlelo zokusebenza ziyithola ngokuguquguquka kwemvelo noma nge-D-Bus. Uhlelo lungaphatha okhiye abaningana, ngalinye linephasiwedi yalo eyinhloko, futhi kukhona nokhiye weseshini ongalokothi ugcinwe kudiski, kodwa ukhohlwe lapho isikhathi siphela. Umtapo wolwazi we-libgnome-keyring usetshenziswa izinhlelo zokusebenza ukuhlanganisa nohlelo lwe-GNOME keyring.
Lokho okuhunyushwe ngokukhululekile kufuna ukuveza:
- I-gnome-keyring uhlelo oluphethe ukugcina amaphasiwedi nezinye izimfihlo zabasebenzisi. Esiwombeni ngasinye isebenza njenge-daemon, efanayo ne-ssh-agent, nakwezinye izinhlelo zokusebenza ezitholakala ngokuguquguquka kwemvelo - imvelo noma nge-D-Bus. Lolu hlelo lungaphatha okhiye abaningana, ngamunye unephasiwedi eyinhloko. Kukhona neseshini yokhiye engalokothi igcinwe kwi-hard disk futhi ikhohliwe lapho isikhathi siphela. Izicelo zisebenzisa umtapo wolwazi okhiye i-libgnome-ukuhlanganisa nohlelo lwe-GNOME keyring.
I-Debian nge-Basic Operating System
Siqala kusuka kwikhompyutha esisanda kufaka kuyo i-Debian 8 "Jessie" njenge-Operating System futhi phakathi nenqubo yokufaka kwayo sikhetha kuphela "Izinsiza zohlelo oluyisisekelo", ngaphandle kokumaka enye inketho yokufaka imisebenzi - imisebenzi noma amaphakheji achazwe ngaphambilini afana neseva ye-OpenSSH. Uma ngemuva kokuqala iseshini yokuqala sisebenzisa:
impande @ master: ~ # pam-auth-update
sizothola imiphumela elandelayo:
Okusikhombisa ukuthi okuwukuphela kweModyuli yePAM esetshenzisiwe kuze kube yileso sikhathi yi-UNIX Authentication. Okusetshenziswayo pam-auth-buyekeza isivumela ukumisa inqubomgomo yokuqinisekisa emaphakathi yohlelo lapho sisebenzisa Amaphrofayli Achazwe ngaphambilini anikezwe ama-PAM Module. Ngeminye imininingwane bheka indoda pam-auth-update.
Njengoba singakayifaki iseva ye-OpenSSH, ngeke siyithole imodyuli yayo ye-PAM enkombeni /etc/pam.d/, Ezoqukethe amamojula we-PAM namaphrofayela alayishwe ngalezi zikhathi:
impande @ master: ~ # ls -l /etc/pam.d/ inani eliphelele lama-76 -rw-r - r-- 1 impande izimpande 235 Sep 30 2014 atd -rw-r - r-- 1 impande impande 1208 Apr 6 22:06 common-account -rw-r - r-- 1 impande impande 1221 Apr 6 22:06 common-auth -rw-r - r-- 1 impande 1440 Apr 6 22:06 common-password -rw-r - r-- 1 izimpande 1156 Apr 6 22:06 iseshini ejwayelekile -rw-r - r-- 1 impande izimpande 1154 Apr 6 22: 06 common-session-noninteractive -rw-r - r-- 1 root root 606 Jun 11 2015 cron -rw-r - r - 1 impande impande 384 Nov 19 2014 chfn -rw-r - r-- 1 impande 92 Nov 19 2014 chpasswd -rw-r - r-- 1 impande 581 Nov 19 2014 chsh -rw-r-- r-- 1 impande 4756 Nov 19 2014 login -rw-r - r-- 1 root root 92 Nov 19 2014 newusers -rw-r - r-- 1 root root 520 Jan 6 2016 other -rw-r- -r-- 1 impande 92 Nov 19 2014 passwd -rw-r - r-- 1 impande 143 Mar 29 2015 runuser -rw-r - r-- 1 impande 138 Mar 29 2015 runuser-l -rw -r - r-- 1 impande 2257 Nov 19 2014 su -rw-r - r-- 1 impande impande 220 Sep 2 2016 systemd-umsebenzisi
Isibonelo, usebenzisa imodyuli ye-PAM /etc/pam.d/chfn uhlelo lumisa insiza shadow, ngenkathi kudlula /etc/pam.d/cron i-daemon ihlelwe cron. Ukuze ufunde okwengeziwe singafunda okuqukethwe yilawa mafayela okufundisa kakhulu. Njengesampula sinikeza ngezansi okuqukethwe kwemodyuli /etc/pam.d/cron:
impande @ master: ~ # ngaphansi /etc/pam.d/cron # Ifayela lokumiswa kwe-PAM le-cron daemon @faka phakathi i-common-auth # Isetha inqubo yesimiso senqubo ye-loginuid edingekayo pam_loginuid.so # Funda okuguquguqukayo kwemvelo kusuka kumafayela we-pam_env's default, / etc / environment # kanye /etc/security/pam_env.conf. isikhathi sidingeka pam_env.so # Ngaphezu kwalokho, funda iseshini yolwazi lwesistimu edingekayo pam_env.so envfile = / etc / default / locale @faka i-akhawunti ejwayelekile @include common-session-noninteractive # Isetha imikhawulo yomsebenzisi, sicela uchaze imikhawulo yemisebenzi ye-cron # ngokusebenzisa /etc/security/limits.conf isikhathi esidingekayo pam_limits.so
Ukuhleleka kwezitatimende ngaphakathi kwefayela ngalinye kubalulekile. Ngokuvamile, asincomi ukuguqula noma iyiphi yazo ngaphandle kokuthi sazi kahle esikwenzayo.
I-Debian ene-base OS + OpenSSH
impande @ master: ~ # ukufaneleka ukufaka umsebenzi-ssh-server Amaphakeji alandelayo amasha azofakwa: openssh-server {a} openssh-sftp-server {a} task-ssh-server
Sizoqinisekisa ukuthi imodyuli ye-PAM ingezwe futhi yamiswa kahle sshd:
impande @ master: ~ # ls -l /etc/pam.d/sshd -rw-r-r-- 1 impande impande 2133 Jul 22 2016 /etc/pam.d/sshd
Uma sifuna ukwazi okuqukethwe yilelo phrofayela:
impande @ master: ~ # ngaphansi /etc/pam.d/sshd
Ngamanye amagama, lapho sizama ukuqala iseshini esikude kusuka kwenye ikhompyutha sisebenzisa ssh, ukufakazela ubuqiniso kukhompyutha yasendaweni kwenziwa ngemodyuli yePAM sshd ikakhulukazi, ngaphandle kokukhohlwa okunye ukugunyazwa nezici zokuphepha ezithintekayo kwinsizakalo ye-ssh kanjalo.
Ngendlela, singeza ukuthi ifayili eliyinhloko lokumiswa kwale sevisi / njll / ssh / sshd_config, nokuthi okungenani ku-Debian ifakwa ngokuzenzakalela ngaphandle kokuvumela ukungena ngemvume komsebenzisi okusebenzisana izimpande. Ukuyivumela, kufanele siguqule ifayela / njll / ssh / sshd_config bese ushintsha umugqa:
I-PermitRootLogin ngaphandle kwe-password
por
I-PermitRootLogin yebo
bese uqala kabusha bese uhlola isimo sesevisi ngo:
impande @ master: ~ # systemctl qala kabusha ssh impande @ master: ~ # systemctl isimo ssh
I-Debian nedeskithophu ye-LXDE
Siyaqhubeka neqembu elifanayo - sishintsha igama labo noma igama lomkhosi ngo "ibhokisi le-linux»Ukusetshenziswa kwesikhathi esizayo lapho saqeda ukufaka i-LXDE Desktop. Asigijime pam-auth-buyekeza futhi sizothola imiphumela elandelayo:
Uhlelo seluvele luwanike amandla wonke ama-Profiles -Modules- adingekayo ekuqinisekiseni okulungile ngesikhathi sokufakwa kwedeskithophu ye-LXDE, okulandelayo:
- Module yokufakazela ubuqiniso ye-UNIX.
- Module erekhoda izikhathi zomsebenzisi ku-Hierarchical Control Group ye i-systemd.
- I-GNOME Keyring Daemon Module
- Sithatha leli thuba ukuncoma ukuthi kuzo zonke izimo, lapho sicelwa ukuthi "amaphrofayili we-PAM ukuze sikwazi", sikhethe inketho Ngaphandle kokuthi sazi kahle kakhulu ukuthi senzani. Uma siguqula ukumiswa kwe-PAM okwenziwa ngokuzenzakalela yi-Operating System uqobo, singakhubaza kalula ukungena ngemvume kukhompyutha.
Ezimweni ezingenhla esikhuluma ngazo Ukufakazela ubuqiniso kwasendaweni noma Ukuqinisekisa ngokumelene nekhompyutha yasendaweni njengoba kwenzeka lapho siqala iseshini esikude ngokusebenzisa ssh.
Uma sisebenzisa indlela ye- Ukufakazela ubuqiniso kude eqenjini lendawo Kubasebenzisi abanama-Credentials abo agcinwe kuseva ekude ye-OpenLDAP noma ku-Directory Esebenzayo, uhlelo luzobheka ifomu elisha lokufakazela ubuqiniso futhi lizofaka amamojula we-PAM adingekayo.
Amafayela amakhulu
- / njll / passwd: Imininingwane ye-Akhawunti Yomsebenzisi
- / njll / isithunzi: Ulwazi Oluvikelekile Lwama-Akhawunti Omsebenzisi
- /etc/pam.confIfayela okufanele lisetshenziswe kuphela uma umkhombandlela ungekho /etc/pam.d/
- /etc/pam.d/: Uhla lwemibhalo lapho izinhlelo nezinsizakalo zifaka khona amamojula wazo we-PAM
- /etc/pam.d/passwdUkucushwa kwe-PAM kwe- i-passwd.
- /etc/pam.d/common-accountImingcele yokugunyazwa ejwayelekile kuwo wonke amasevisi
- /etc/pam.d/okuvamile-auth: Imingcele yokufakazela ubuqiniso ejwayelekile kuwo wonke amasevisi
- /etc/pam.d/okuvamile-iphasiwediAmamojula we-PAM ajwayelekile kuzo zonke izinsizakalo ezihlobene namaphasiwedi - amaphasiwedi
- /etc/pam.d/common-sessionAmamojula we-PAM ajwayelekile kuwo wonke amasevisi ahlobene nezikhathi zomsebenzisi
- /etc/pam.d/common-session-oninteractive: Amamojula we-PAM ajwayelekile kuzo zonke izinsizakalo ezihlobene nezikhathi ezingasebenzi noma ezingadingi ukungenelela komsebenzisi, njengemisebenzi eyenziwa ekuqaleni nasekupheleni kwezikhathi ezingasebenzelani.
- / usr / share / doc / passwd /: Isiqondisi semibhalo.
Sincoma ukuthi ufunde amakhasi ezandla we i-passwd y Isithunzi ngokusebenzisa umuntu uphasile y isithunzi somuntu. Kuyimpilo futhi ukufunda okuqukethwe ngamafayela i-akhawunti ejwayelekile, i-common-auth, i-common-passwrod, iseshini ejwayelekile y iseshini ejwayelekile-engasebenzisani.
Amamojula we-PAM ayatholakala
Ukuthola umbono wamamojula we-PAM atholakalayo a priori Esigcinweni esijwayelekile seDebian, siyagijima:
buzz @ linuxbox: ~ $ aptitude search libpam
Uhlu lude futhi sizokhombisa kuphela amamojula akhombisa ukuthi lukhulu kangakanani:
libpam-afs-session - PAM module to set up a PAG and obtain AFS tokens libpam-alreadyloggedin - PAM module to skip password authentication for logged users libpam-apparmor - changehat AppArmor library as a PAM module libpam-barada - PAM module to provide two-factor authentication based on HOTP libpam-blue - PAM module for local authenticaction with bluetooth devices libpam-ca - POSIX 1003.1e capabilities (PAM module) libpam-ccreds - Pam module to cache authentication credentials libpam-cgrou - control and monitor control groups (PAM) libpam-chroot - Chroot Pluggable Authentication Module for PAM libpam-ck-connector - ConsoleKit PAM module libpam-cracklib - PAM module to enable cracklib support libpam-dbus - A PAM module which asks the logged in user for confirmation libpam-duo - PAM module for Duo Security two-factor authentication libpam-dynalogin - two-factor HOTP/TOTP authentication - implementation libs libpam-encfs - PAM module to automatically mount encfs filesystems on login libpam-fprintd - PAM module for fingerprint authentication trough fprintd libpam-geo - PAM module checking access of source IPs with a GeoIP database libpam-gnome-keyring - PAM module to unlock the GNOME keyring upon login libpam-google-authenticator - Two-step verification libpam-heimdal - PAM module for Heimdal Kerberos libpam-krb5 - PAM module for MIT Kerberos libpam-krb5-migrate-heimdal - PAM module for migrating to Kerberos libpam-lda - Pluggable Authentication Module for LDA libpam-ldapd - PAM module for using LDAP as an authentication service libpam-mkhomedir - libpam-mklocaluser - Configure PAM to create a local user if it do not exist already libpam-modules - Pluggable Authentication Modules for PAM libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries libpam-mount - PAM module that can mount volumes for a user session libpam-mysql - PAM module allowing authentication from a MySQL server libpam-nufw - The authenticating firewall [PAM module] libpam-oath - OATH Toolkit libpam_oath PAM module libpam-ocaml - OCaml bindings for the PAM library (runtime) libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module libpam-otpw - Use OTPW for PAM authentication libpam-p11 - PAM module for using PKCS#11 smart cards libpam-passwdqc - PAM module for password strength policy enforcement libpam-pgsql - PAM module to authenticate using a PostgreSQL database libpam-pkcs11 - Fully featured PAM module for using PKCS#11 smart cards libpam-pold - PAM module allowing authentication using a OpenPGP smartcard libpam-pwdfile - PAM module allowing authentication via an /etc/passwd-like file libpam-pwquality - PAM module to check password strength libpam-python - Enables PAM modules to be written in Python libpam-python-doc - Documentation for the bindings provided by libpam-python libpam-radius-auth - The PAM RADIUS authentication module libpam-runtime - Runtime support for the PAM library libpam-script - PAM module which allows executing a script libpam-shield - locks out remote attackers trying password guessing libpam-shish - PAM module for Shishi Kerberos v5 libpam-slurm - PAM module to authenticate using the SLURM resource manager libpam-smbpass - pluggable authentication module for Samba libpam-snapper - PAM module for Linux filesystem snapshot management tool libpam-ssh - Authenticate using SSH keys libpam-sshauth - authenticate using an SSH server libpam-sss - Pam module for the System Security Services Daemon libpam-systemd - system and service manager - PAM module libpam-tacplus - PAM module for using TACACS+ as an authentication service libpam-tmpdir - automatic per-user temporary directories libpam-usb - PAM module for authentication with removable USB block devices libpam-winbind - Windows domain authentication integration plugin libpam-yubico - two-factor password and YubiKey OTP PAM module libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM libpam4j-java - Java binding for libpam.so libpam4j-java-doc - Documentation for Java binding for libpam.so
Zenzele iziphetho.
CentOS
Uma phakathi nenqubo yokufaka sikhetha inketho «Iseva ene-GUI«, Sizothola ipulatifomu enhle yokusebenzisa izinsizakalo ezahlukahlukene zeNethiwekhi ye-SME. Ngokungafani ne-Debian, i-CentOS / Red Hat® inikezela ngochungechunge lwamathuluzi wokuqhafaza namathuluzi wokuqhafaza enza impilo ibe lula kuSystem noma ku-Network Administrator.
imibhalo
Kufakwe ngokuzenzakalela, siyithola enkombeni:
[izimpande @ linuxbox ~] # ls -l / usr/share/doc/pam-1.1.8/ inani lama-256 -rw-r-r--. Impande eyi-1 impande 2045 Jun 18 2013 I-copyright drwxr-xr-x. Impande engu-2 impande 4096 Apr 9 06:28 html -rw-r-r--. Impande eyi-1 impande 175382 Nov 5 19: 13 Linux-PAM_SAG.txt -rw-r - r--. Impande eyi-1 impande 67948 Jun 18 2013 rfc86.0.txt drwxr-xr-x. Impande engu-2 impande 4096 Apr 9 06:28 txts
[izimpande @ linuxbox ~] # ls / usr/share/doc/pam-1.1.8/txts/ README.pam_access README.pam_exec README.pam_lastlog README.pam_namespace README.pam_selinux README.pam_timestamp README.pam_console README.pam_faildelay README.pam_limits README.pam_nologin README.pam_sepermit README.pam_tty_audit README.pam_cracklib README.pam_faillock README.pam_listfile README.pam_permit likaNGIFUNDE. pam_shells README.pam_umask README.pam_chroot README.pam_filter README.pam_localuser README.pam_postgresok README.pam_stress README.pam_unix README.pam_debug README.pam_ftp README.pam_loginuid README.pam_pwhistory README.pam_succeed_if README.pam_userdb README.pam_deny README.pam_group README.pam_mail likaNGIFUNDE .pam_rhosts README.pam_tally README.pam_warn README.pam_echo README README.pam_issue README.pam_mkhomedir README.pam_rootok README.pam_tally2 README.pam_wheel README.MEDME
Yebo, sibiza nethimba leCentOS ngokuthi "linuxbox" njengakuDebian, okuzosisiza ukuthola izindatshana ezizayo kuma-SMB Networks.
I-CentOS ene-GNOME3 GUI
Lapho sikhetha inketho «Iseva ene-GUI«, Ideskithophu ye-GNOME3 nezinye izinsiza nezinhlelo eziyisisekelo zifakiwe ukuthuthukisa iseva. Ezingeni lekhonsoli, ukwazi isimo sokuqinisekisa esisisebenzisayo:
[impande @ linuxbox ~] # authconfig-tui
Siqinisekisa ukuthi kuphela amamojula we-PAM adingekayo ekucushweni kweseva kwamanje anikwe amandla, noma imodyuli yokufunda iminwe, uhlelo lokufakazela ubuqiniso esiluthola kwezinye izinhlobo ze-laptop.
I-CentOS ene-GNOME3 GUI ijoyine ku-Microsoft Active Directory
Njengoba sibona, amamojula adingekayo angeziwe futhi anikwa amandla -i-winbind- ukufakazela ubuqiniso ngokumelene ne-Directory Directory, ngenkathi sikhubaza ngamabomu imodyuli ukuze ifunde izigxivizo zeminwe, ngoba akudingekile.
Esihlokweni esizayo sizobhala ngokuningiliziwe ukuthi ungajoyina kanjani iklayenti le-CentOS 7 kwi-Microsoft Active Directory. Silindele lokho kuphela ngethuluzi i-authoconfig-gtk Ukufakwa kwamaphakeji adingekayo, ukumiswa kokuzenzakalela kwezikhombisi zabasebenzisi besizinda eziqinisekisa endaweni, kanye nenqubo uqobo yokujoyina iklayenti ku-Domain of an Directory Directory is automated ngendlela emangalisayo. Mhlawumbe ngemuva kwenyunyana, kuzodingeka kuphela ukuqala kabusha ikhompyutha.
Amafayela amakhulu
Amafayela ahlobene nokufakazelwa ubuqiniso kwe-CentOS atholakala enkombeni /etc/pam.d/:
[izimpande @ linuxbox ~] # ls /etc/pam.d/ i-atd liveinst smartcard-auth-ac authconfig login smtp authconfig-gtk enye i-smtp.postfix authconfig-tui passwd sshd config-use password-auth su crond password-auth-ac sudo izinkomishi pluto sudo-i chfn polkit-1 su-l chsh postlogin i-system-auth zeminwe-i-auth postlogin-ac system-auth-ac fingerprint-auth-ac ppp system-config-authentication gdm-autologin remote systemd-user gdm-fingerprint runuser vlock gdm-launch-environment runuser-l vmtoolsd gdm-password samba Ukusetha kwe-xserver gdm-pin gdm-smartcard smartcard-auth
Amamojula we-PAM ayatholakala
Sinazo izinqolobane isisekelo, i-centosplus, i-epel, y izibuyekezo. Kuzo sithola -okunye kwabanye- amamojula alandelayo asebenzisa imiyalo yum sesha pam-, yum sesha pam_, futhi yum sesha i-libpam:
nss-pam-ldapd.i686: Imodyuli ye-nsswitch esebenzisa amaseva esiqondisi nss-pam-ldapd.x86_64: I-module ye-nsswitch esebenzisa amaseva esiqondisi ovirt-guest-agent-pam-module.x86_64: module ye-PAM ye-oVirt Guest Agent pam -kwallet. nge-MAPI emelene nesiphakeli seZarafa pam_oath.x86_64: Imodyuli ye-PAM yokufakazela ubuqiniso bokungena ngemvume kwe-OATH pam_pkcs86.i64: PKCS # 5 / NSS PAM module module pam_pkcs686.x5_5: PKCS # 86 / NSS PAM module module pam_radius.x64_5: PAM Module for PAM Module for PAM Module for Ukuqinisekiswa kwe-RADIUS pam_script.x86_64: Imodyuli ye-PAM yokwenza imibhalo pam_snapper.i86: Imodyuli ye-PAM yokubiza snapper pam_snapper.x64_11: module ye-PAM yokubiza snapper pam_ssh.x686_11: Imodyuli ye-PAM yokusetshenziswa nezinkinobho ze-SSH kanye ne-ssh-agent pam_ssh_agent_11 86: Imodyuli ye-PAM yokufakazela ubuqiniso nge-ssh-agent pam_ssh_agent_auth.x64_11: Imodyuli ye-PAM yokuqinisekisa nge-ssh-agent pam_url.x86_64: Imodyuli ye-PAM yokuqinisekisa ngamaseva we-HTTP pam_wrapper.x86_64: Ithuluzi lokuhlola izinhlelo ze-PAM namamojula we-PAM pam_yubico.x686_86: I-Module Yokufakazela Ukuqinisekisa ye-yubikeys libpamtest-doc.x64_86: Imibhalo ye-libpamtest API python-libpamtest.x64_686: Isisongeli se-python se-libpamtest libpamtest.x86_64: Ithuluzi lokuhlola izinhlelo ze-PAM namamojula we-PAM libpamtest-devel.x86_64: Ithuluzi lokuhlola Izicelo ze-PAM namamojula we-PAM
Isifingqo
Kubalulekile ukuba nolwazi oluncane ngePAM uma sifuna ukuqonda ngendlela ejwayelekile ukuthi Ukuqinisekiswa kwenziwa kanjani njalo lapho singena kwikhompyutha yethu yeLinux / UNIX. Kubalulekile futhi ukwazi ukuthi kuphela nge-Local Authentication lapho singahlinzeka ngezinsizakalo kwamanye amakhompyutha kunethiwekhi encane ye-SME efana ne-Proxy, Mail, FTP, njll, konke kugxilwe kuseva eyodwa. Zonke izinsizakalo zangaphambilini-nezinye eziningi njengoba sibonile ngaphambili- zinemodyuli ye-PAM.
Imithombo exoxiwe
- Izincwajana zomyalo - amakhasi omuntu.
- Ukufakazela ubuqinisoIkhasi le-Wikipedia ngeSpanishi
- Amamojula Wokufakazela Ukuxhumeka
- I-Red_Hat_Enterprise_Linux-6-Deployment_Guide-en-US
Inguqulo ye-PDF
Landa inguqulo ye-PDF lapha.
Kuze kube yindatshana elandelayo!
Umbhali: Federico A. Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico
I-athikili enemininingwane eminingi yokufakazela ubuqiniso besebenzisa i-PAM, ngiyavuma ukuthi bengingazi ngokuningiliziwe ukusebenza kokufakazela ubuqiniso nenombolo engapheli yezicelo ezinemininingwane eminingi neziphephile esingakunika zona. Le yindatshana enhle ekuvumela ukuthi ubone ngeso lengqondo ubukhulu bokufakazelwa ubuqiniso be-PAM, nakho okungaba nezinhloso eziningi kuma-SME.
Omunye weminikelo yakho emikhulu, ngiyabonga kakhulu ngeFico Material enhle kangaka
Siyabonga ngokuphawula kwakho, Luigys othandekayo. Inhloso yendatshana ukuvula izingqondo zabafundi ku-PAM nakumamojula ayo. Ngicabanga ukuthi okuthunyelwe kuyaphumelela.
Ngendlela engikwazisa ngayo ukuthi imibono ayingifinyeleli ngeposi.
lol, ngikhohliwe ukubhala ikheli lami le-imeyili kumazwana angaphambilini. Kungakho kuphuma okungaziwa. 😉
I-athikili enhle, njengenjwayelo.
UFederico ofundisa kakhulu, kuye kwadingeka ngibhekane ne-PAM kaningi futhi ngiyayithanda idizayini, kuyasiza kakhulu ukukwazi ukufaka ukusebenza kuzingwegwe ezivumelayo, ngokwesibonelo into yokugcina engiyenzile kwakuyi-REST API ePython / Flask eqoqayo ukungena nokungena kwabasebenzisi besizinda sami (isitayela somfowethu omkhulu, ukwazi konke), ngoba abaqageli ukuthi ngibeka kuphi izingcingo zokugoba ukwazisa i-api? Yebo, nge-PAM.
Ngiyabonga HO2GI ngokuhlola okuthunyelwe.
Dhunter: Ngiyabingelela futhi. Njengenjwayelo wenza izinto ezithakazelisa kakhulu. Lutho, lokhu okuthunyelwe kungenye yalezo engizibhalayo "ukuvula izingqondo."