Autentisering via LDAP och Kerberos i FreeBSD 10: Difference between revisions

From Peters wiki
Jump to navigation Jump to search
← Older editNewer edit →
mNo edit summary
mNo edit summary
Line 22: Line 22:
     .example.com = EXAMPLE.COM
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM
}}
Editera följande /etc/pam.d filer och rader:
{{bc|1=
ftp:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000
ftp:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
ftpd:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000
ftpd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
other:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
other:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
sshd:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
sshd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
sshd:password         sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
system:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
system:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
system:password         sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
}}
}}


[[Category:Guide]]
[[Category:Guide]]

Revision as of 18:27, 15 October 2015

Denna guide är under utveckling.


Installera följande:

root # portmaster security/pam_krb5

Välj att länka mot Heimdal Kerberos.

Editera /etc/krb5.conf: 

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
	admin_server = kdc.example.com
	default_domain = example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

Editera följande /etc/pam.d filer och rader: 

ftp:auth		sufficient	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftp:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftpd:auth		sufficient	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftpd:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
other:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
other:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
sshd:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
sshd:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
sshd:password	        sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
system:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
system:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
system:password	        sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
Retrieved from "http://www.kerwien.se/index.php?title=Autentisering_via_LDAP_och_Kerberos_i_FreeBSD_10&oldid=2998"