Autentisering via LDAP och Kerberos i FreeBSD 10: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 43: | Line 43: | ||
{{RootCmd|portmaster net/nss-pam-ldapd-sasl}} | {{RootCmd|portmaster net/nss-pam-ldapd-sasl}} | ||
Välj bort pam_ldap stödet. | |||
Välj GSSAPI för open-sasl-client. | |||
{{RootCmd|portmaster security/cyrus-sasl2-gssapi}} | |||
Välj Use Heimdal in base. | |||
[[Category:Guide]] | [[Category:Guide]] | ||
Revision as of 18:37, 15 October 2015
Denna guide är under utveckling.
Installera följande:
Välj att länka mot Heimdal Kerberos.
Editera /etc/krb5.conf:
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = kdc.example.com
admin_server = kdc.example.com
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Skapa och kopiera en /etc/krb5.keytab fil.
Editera följande /etc/pam.d filer och rader:
ftp:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000 ftp:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000 ftpd:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000 ftpd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000 other:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000 other:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000 sshd:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000 sshd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000 sshd:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000 system:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000 system:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000 system:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
Välj bort pam_ldap stödet. Välj GSSAPI för open-sasl-client.
Välj Use Heimdal in base.